Sample viewer

vx.netlux.org/Virus.DOS.XTC.2153


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:38.430043834Z 74 PC: 167e5 | Reallocate memory
2018-12-17T22:52:38.432843918Z 72 PC: 167ef | Allocate memory
2018-12-17T22:52:38.435038023Z 47 PC: 16806 | Get disk transfer address
2018-12-17T22:52:38.436416232Z 26 PC: 16f16 | Set disk transfer address
2018-12-17T22:52:38.438113693Z 61 PC: 168a6 | Open file (Filename = '')
2018-12-17T22:52:38.443311341Z 60 PC: 1691c | Create or truncate file
2018-12-17T22:52:38.791053321Z 64 PC: 16937 | Write file or device (Write 28 bytes on handle 6)
2018-12-17T22:52:38.800919481Z 66 PC: 16943 | Move file pointer
2018-12-17T22:52:38.803295888Z 63 PC: 1695b | Read file or device (Read 16172 bytes on handle 5)
2018-12-17T22:52:38.823004245Z 64 PC: 16966 | Write file or device (Write 16172 bytes on handle 6)
2018-12-17T22:52:38.841989083Z 62 PC: 16979 | Close file
2018-12-17T22:52:38.864077311Z 62 PC: 16980 | Close file
2018-12-17T22:52:38.866519936Z 73 PC: 16994 | Release memory
2018-12-17T22:52:38.868379741Z 74 PC: 169a2 | Reallocate memory
; Snapshot taken when execution resumes at 0x169b9 after DOS "Get time"
; (syscall 44 = INT 21h AH=2Ch; returns CH=hour, CL=minute, DH=second, DL=hundredths).
; The window shows a clock-dependent check: flag bytes are set from the current second
; and from the day of month. What the flags at 0x801, 0xc29 and 0xc28 control is not
; visible in this window.
; Analyst caveat: because the branch depends on the clock, a single sandbox run at one
; time value exercises only one path; the run metadata on this page records time-based
; runs (one with "Second":45) for that reason.
2018-12-17T22:52:38.871048538Z 44 PC: 169b9 | Get time 0x169b9: cmp dh, 0x2d
; ^ seconds compared with 45 (0x2d)
0x169bc: jb 0x169ca
; seconds < 45: skip the two stores below
0x169be: mov byte ptr [0x801], 1
0x169c3: nop
0x169c4: mov ax, 0x84e
0x169c7: mov word ptr [0x86b], ax
; seconds >= 45: byte [0x801] = 1 and word [0x86b] = 0x84e (meaning of 0x84e not shown — TODO confirm)
0x169ca: mov ax, 0x2a00
0x169cd: int 0x21
; AH=2Ah is DOS "Get date" (DL=day, DH=month, CX=year); the next trace entry logs it as syscall 42
0x169cf: cmp byte ptr [0x865], dl
0x169d3: jne 0x169db
0x169d5: mov byte ptr [0xc29], 1
0x169da: nop
; byte [0xc29] = 1 only when the byte stored at 0x865 equals today's day of month
0x169db: add dl, 0xa
0x169de: cmp dl, 0x1d
0x169e1: jb 0x169e6
0x169e3: sub dl, 0x1c
; dl = day + 10, reduced by 28 when the sum is 29 or more (stays within 1..28 for a day of 1..31)
0x169e6: mov byte ptr [0x865], dl
; presumably a stored day marker moved ten days ahead; where 0x865 is persisted is not shown — verify
0x169ea: mov byte ptr [0xc28], 0
0x169ef: nop
0x169f0: push cs
; snapshot ends here; the following trace entry continues from 0x169cf onward
2018-12-17T22:52:38.873893246Z 42 PC: 169cf | Get date 0x169cf: cmp byte ptr [0x865], dl
0x169d3: jne 0x169db
0x169d5: mov byte ptr [0xc29], 1
0x169da: nop
0x169db: add dl, 0xa
0x169de: cmp dl, 0x1d
0x169e1: jb 0x169e6
0x169e3: sub dl, 0x1c
0x169e6: mov byte ptr [0x865], dl
0x169ea: mov byte ptr [0xc28], 0
0x169ef: nop
0x169f0: push cs
0x169f1: pop es
0x169f2: mov si, 0x85a
0x169f5: mov di, 0xb16
0x169f8: mov bx, di
0x169fa: mov cx, 7
0x169fd: rep movsb byte ptr es:[di], byte ptr [si]
0x169ff: add bx, 3
0x16a02: call 0x16e3d
2018-12-17T22:52:38.876823095Z 26 PC: 16f16 | Set disk transfer address
2018-12-17T22:52:38.879211161Z 78 PC: 16e60 | Find first file
2018-12-17T22:52:38.885425566Z 79 PC: 16e94 | Find next file
2018-12-17T22:52:38.889158195Z 26 PC: 16f16 | Set disk transfer address
2018-12-17T22:52:38.891872742Z 26 PC: 16f16 | Set disk transfer address
2018-12-17T22:52:38.893420377Z 78 PC: 16a1e | Find first file
2018-12-17T22:52:38.899753545Z 79 PC: 16a37 | Find next file
2018-12-17T22:52:38.903047682Z 79 PC: 16a37 | Find next file
2018-12-17T22:52:38.906982472Z 26 PC: 16f16 | Set disk transfer address
2018-12-17T22:52:38.908623558Z 78 PC: 16e60 | Find first file
2018-12-17T22:52:38.919114942Z 26 PC: 16f16 | Set disk transfer address
2018-12-17T22:52:38.922146946Z 67 PC: 16a5e | Get or set file attributes
2018-12-17T22:52:38.929380315Z 67 PC: 16a6a | Get or set file attributes
2018-12-17T22:52:38.940488207Z 61 PC: 16a75 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-17T22:52:38.949691039Z 63 PC: 16ac7 | Read file or device (Read 28 bytes on handle 5)
2018-12-17T22:52:38.957510269Z 66 PC: 16ae0 | Move file pointer
2018-12-17T22:52:38.95970638Z 66 PC: 16bea | Move file pointer
2018-12-17T22:52:38.962486522Z 64 PC: 16c04 | Write file or device (Write 28 bytes on handle 5)
2018-12-17T22:52:38.96622985Z 66 PC: 16c16 | Move file pointer
; Snapshot taken when execution resumes at 0x16f77 after DOS "Get time"
; (syscall 44 = INT 21h AH=2Ch; returns CH=hour, CL=minute, DH=second, DL=hundredths).
; The routine busy-waits until the hundredths value changes, then returns a 16-bit value
; in AX built from the clock. Its start (including the push that pairs with "pop bx") is
; before this window, and how the caller uses AX is not shown.
; Reading the trace: each pass of the loop re-issues INT 21h, which is why the log holds a
; long run of identical "Get time" entries at PC 16f7b.
2018-12-17T22:52:38.968138096Z 44 PC: 16f77 | Get time 0x16f77: mov bl, dl
; ^ bl = hundredths from the call that just returned
0x16f79: int 0x21
0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
; repeat the call while DL (hundredths) is unchanged
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
; cx = DH:DL (second:hundredths); ax = seconds
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
; dx:ax = seconds * 1000 (0x3e8)
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
; ax = seconds*1000 + (second:hundredths word) + 3000 (0xbb8), as a 16-bit sum that may wrap
0x16f8f: pop bx
0x16f90: ret
; NOTE(review): the lines below follow the ret and look like data bytes decoded as
; instructions by linear disassembly — do not read them as code without confirmation
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.971781183Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.974210018Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.976852087Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.9793494Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.985843277Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.988483211Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.99052994Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.99386512Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.996629068Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:38.998900242Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.005768857Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.009990277Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.01342059Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.016806704Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.020378796Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.02379416Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.027374407Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.030404923Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.032994622Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.036935073Z 44 PC: 16f77 | Get time 0x16f77: mov bl, dl
0x16f79: int 0x21
0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.039405048Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.042077854Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.045634028Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.048753535Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.051579665Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.054388658Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.058245683Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.061031216Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.063846073Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.067715862Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.070490061Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.073278105Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.076875175Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.080000794Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.082774873Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.086299885Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.092391967Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.095163147Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.097957071Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.102466186Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.105063211Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.107555687Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.112317709Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-17T22:52:39.116920264Z 64 PC: 1740e | Write file or device (Write 2153 bytes on handle 5)
2018-12-17T22:52:39.12688844Z 87 PC: 16c27 | Get or set file date and time
2018-12-17T22:52:39.129374373Z 87 PC: 16c3d | Get or set file date and time
2018-12-17T22:52:39.13140085Z 62 PC: 16c49 | Close file
2018-12-17T22:52:39.13941172Z 67 PC: 16c55 | Get or set file attributes
2018-12-17T22:52:39.152090999Z 26 PC: 16c9c | Set disk transfer address
2018-12-17T22:52:39.154109678Z 74 PC: 16cb6 | Reallocate memory
2018-12-17T22:52:39.156104089Z 75 PC: 12a45 | Execute program
2018-12-17T22:52:39.178365343Z 98 PC: 15078 | Get current PSP
2018-12-17T22:52:39.180621521Z 74 PC: 150b7 | Reallocate memory
2018-12-17T22:52:39.182554282Z 82 PC: 150bd | Get DOS internal pointers (SYSVARS)
2018-12-17T22:52:39.184290565Z 25 PC: 16113 | Get default drive
2018-12-17T22:52:39.186912714Z 13 PC: 160c8 | Disk reset
2018-12-17T22:52:39.189347629Z 99 PC: 13cab | Get DBCS lead byte table pointer
2018-12-17T22:52:39.191149959Z 68 PC: 13cc5 | I/O control for devices (Set for = '')
2018-12-17T22:52:39.193846816Z 68 PC: 13cd0 | I/O control for devices (Set for = 'H?')
2018-12-17T22:52:39.19613384Z 68 PC: 13cdb | I/O control for devices (Set for = '')
2018-12-17T22:52:39.197925975Z 68 PC: 13ce3 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-17T22:52:39.200581278Z 48 PC: 13ce8 | Get DOS version
2018-12-17T22:52:39.202855075Z 64 PC: 13f61 | Write file or device (Write 23 bytes on handle 2)
2018-12-17T22:52:39.208549658Z 76 PC: 160f1 | Terminate with return code (Return code = '0')
2018-12-17T22:52:39.212844893Z 65 PC: 12a55 | Delete file (Filename = '��')
2018-12-17T22:52:39.226487451Z 77 PC: 12a5a | Get program return code
2018-12-17T22:52:39.228107388Z 76 PC: 12a5e | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":10958,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:43.767358595Z 74 PC: 167e5 | Reallocate memory
2018-12-25T12:29:43.769568937Z 72 PC: 167ef | Allocate memory
2018-12-25T12:29:43.771305169Z 47 PC: 16806 | Get disk transfer address
2018-12-25T12:29:43.772565235Z 26 PC: 16f16 | Set disk transfer address
2018-12-25T12:29:43.774820341Z 61 PC: 168a6 | Open file (Filename = '')
2018-12-25T12:29:43.78229003Z 60 PC: 1691c | Create or truncate file
2018-12-25T12:29:45.010977655Z 64 PC: 16937 | Write file or device (Write 28 bytes on handle 6)
2018-12-25T12:29:45.020985362Z 66 PC: 16943 | Move file pointer
2018-12-25T12:29:45.023057805Z 63 PC: 1695b | Read file or device (Read 16172 bytes on handle 5)
2018-12-25T12:29:45.032364558Z 64 PC: 16966 | Write file or device (Write 16172 bytes on handle 6)
2018-12-25T12:29:45.049790764Z 62 PC: 16979 | Close file
2018-12-25T12:29:45.058595535Z 62 PC: 16980 | Close file
2018-12-25T12:29:45.05997758Z 73 PC: 16994 | Release memory
2018-12-25T12:29:45.061152956Z 74 PC: 169a2 | Reallocate memory
2018-12-25T12:29:45.062586056Z 44 PC: 169b9 | Get time 0x169b9: cmp dh, 0x2d
0x169bc: jb 0x169ca
0x169be: mov byte ptr [0x801], 1
0x169c3: nop
0x169c4: mov ax, 0x84e
0x169c7: mov word ptr [0x86b], ax
0x169ca: mov ax, 0x2a00
0x169cd: int 0x21
0x169cf: cmp byte ptr [0x865], dl
0x169d3: jne 0x169db
0x169d5: mov byte ptr [0xc29], 1
0x169da: nop
0x169db: add dl, 0xa
0x169de: cmp dl, 0x1d
0x169e1: jb 0x169e6
0x169e3: sub dl, 0x1c
0x169e6: mov byte ptr [0x865], dl
0x169ea: mov byte ptr [0xc28], 0
0x169ef: nop
0x169f0: push cs
2018-12-25T12:29:45.072195201Z 42 PC: 169cf | Get date 0x169cf: cmp byte ptr [0x865], dl
0x169d3: jne 0x169db
0x169d5: mov byte ptr [0xc29], 1
0x169da: nop
0x169db: add dl, 0xa
0x169de: cmp dl, 0x1d
0x169e1: jb 0x169e6
0x169e3: sub dl, 0x1c
0x169e6: mov byte ptr [0x865], dl
0x169ea: mov byte ptr [0xc28], 0
0x169ef: nop
0x169f0: push cs
0x169f1: pop es
0x169f2: mov si, 0x85a
0x169f5: mov di, 0xb16
0x169f8: mov bx, di
0x169fa: mov cx, 7
0x169fd: rep movsb byte ptr es:[di], byte ptr [si]
0x169ff: add bx, 3
0x16a02: call 0x16e3d
2018-12-25T12:29:45.073800245Z 26 PC: 16f16 | Set disk transfer address (See above)
2018-12-25T12:29:45.084421849Z 78 PC: 16e60 | Find first file
2018-12-25T12:29:45.09239442Z 79 PC: 16e94 | Find next file
2018-12-25T12:29:45.094799681Z 26 PC: 16f16 | Set disk transfer address (See above)
2018-12-25T12:29:45.096436539Z 26 PC: 16f16 | Set disk transfer address (See above)
2018-12-25T12:29:45.097494424Z 78 PC: 16a1e | Find first file
2018-12-25T12:29:45.102996106Z 79 PC: 16a37 | Find next file
2018-12-25T12:29:45.105966127Z 79 PC: 16a37 | Find next file (See above)
2018-12-25T12:29:45.108744449Z 26 PC: 16f16 | Set disk transfer address (See above)
2018-12-25T12:29:45.109855187Z 78 PC: 16e60 | Find first file (See above)
2018-12-25T12:29:45.120911497Z 26 PC: 16f16 | Set disk transfer address (See above)
2018-12-25T12:29:45.122063643Z 67 PC: 16a5e | Get or set file attributes
2018-12-25T12:29:45.128581801Z 67 PC: 16a6a | Get or set file attributes
2018-12-25T12:29:45.393665607Z 61 PC: 16a75 | Open file (Filename = 'C:\DOS\ATTRIB.EXE')
2018-12-25T12:29:45.398723149Z 63 PC: 16ac7 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:29:45.4050445Z 66 PC: 16ae0 | Move file pointer
2018-12-25T12:29:45.406786844Z 66 PC: 16bea | Move file pointer
2018-12-25T12:29:45.408457221Z 64 PC: 16c04 | Write file or device (Write 28 bytes on handle 5)
2018-12-25T12:29:45.411294064Z 66 PC: 16c16 | Move file pointer
2018-12-25T12:29:45.412774249Z 44 PC: 16f77 | Get time 0x16f77: mov bl, dl
0x16f79: int 0x21
0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-25T12:29:45.415591955Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
0x16f7f: mov cx, dx
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
0x16f8f: pop bx
0x16f90: ret
0x16f91: add byte ptr [di + 0x5a], cl
0x16f94: enter 0x1601, 0
0x16f98: add word ptr [bx + si], ax
0x16f9a: or byte ptr [bx + si], al
0x16f9c: dec ax
0x16f9d: add bh, bh
2018-12-25T12:29:45.418384004Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.421163733Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.42467317Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.427258611Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.429717247Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.43374984Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.436437532Z 44 PC: 16f77 | Get time (See above)
2018-12-25T12:29:45.438750637Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.441499577Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.444258105Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.446465393Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.449217023Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.451546711Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.45373336Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.456406804Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.458641501Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.460910679Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.463301897Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.466344923Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.468612591Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.470831969Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.473203057Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.475586233Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.478232475Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.481226093Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.484037401Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.486424961Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.48923718Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.491509931Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.493770128Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.496650949Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.499052674Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.501726335Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.505434022Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:45.510136574Z 64 PC: 1740e | Write file or device (Write 2153 bytes on handle 5)
2018-12-25T12:29:45.519933255Z 87 PC: 16c27 | Get or set file date and time
2018-12-25T12:29:45.522156118Z 87 PC: 16c3d | Get or set file date and time
2018-12-25T12:29:45.523864028Z 62 PC: 16c49 | Close file
2018-12-25T12:29:45.531031959Z 67 PC: 16c55 | Get or set file attributes
2018-12-25T12:29:45.542050532Z 26 PC: 16c9c | Set disk transfer address
2018-12-25T12:29:45.543431282Z 74 PC: 16cb6 | Reallocate memory
2018-12-25T12:29:45.544927463Z 75 PC: 12a45 | Execute program
2018-12-25T12:29:45.567517924Z 98 PC: 15078 | Get current PSP
2018-12-25T12:29:45.56946484Z 74 PC: 150b7 | Reallocate memory
2018-12-25T12:29:45.570738919Z 82 PC: 150bd | Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:45.572156712Z 25 PC: 16113 | Get default drive
2018-12-25T12:29:45.573742881Z 13 PC: 160c8 | Disk reset
2018-12-25T12:29:45.576037657Z 99 PC: 13cab | Get DBCS lead byte table pointer
2018-12-25T12:29:45.577585945Z 68 PC: 13cc5 | I/O control for devices (Set for = '')
2018-12-25T12:29:45.57925446Z 68 PC: 13cd0 | I/O control for devices (Set for = 'H?')
2018-12-25T12:29:45.580857801Z 68 PC: 13cdb | I/O control for devices (Set for = '')
2018-12-25T12:29:45.582174592Z 68 PC: 13ce3 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:29:45.584022277Z 48 PC: 13ce8 | Get DOS version
2018-12-25T12:29:45.585623762Z 64 PC: 13f61 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:29:45.590948257Z 76 PC: 160f1 | Terminate with return code (Return code = '0')
2018-12-25T12:29:45.603512909Z 65 PC: 12a55 | Delete file (Filename = '��')
2018-12-25T12:29:45.616387744Z 77 PC: 12a5a | Get program return code
2018-12-25T12:29:45.61757801Z 76 PC: 12a5e | Terminate with return code (Return code = '0')

{"DateBased":false,"Day":0,"Month":0,"Year":0,"Hour":0,"Min":0,"Second":45,"TimeBased":true,"OriginalID":10958,"SideJobID":0}


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:43.884956808Z 74 PC: 167e5 | Reallocate memory
2018-12-25T12:29:43.886921492Z 72 PC: 167ef | Allocate memory
2018-12-25T12:29:43.888320516Z 47 PC: 16806 | Get disk transfer address
2018-12-25T12:29:43.88932488Z 26 PC: 16f16 | Set disk transfer address
2018-12-25T12:29:43.8909167Z 61 PC: 168a6 | Open file (Filename = '')
2018-12-25T12:29:43.897432631Z 60 PC: 1691c | Create or truncate file
2018-12-25T12:29:44.231985533Z 64 PC: 16937 | Write file or device (Write 28 bytes on handle 6)
2018-12-25T12:29:44.241273383Z 66 PC: 16943 | Move file pointer
2018-12-25T12:29:44.242763596Z 63 PC: 1695b | Read file or device (Read 16172 bytes on handle 5)
2018-12-25T12:29:44.251995998Z 64 PC: 16966 | Write file or device (Write 16172 bytes on handle 6)
2018-12-25T12:29:44.265856976Z 62 PC: 16979 | Close file
2018-12-25T12:29:44.273494789Z 62 PC: 16980 | Close file
2018-12-25T12:29:44.275221194Z 73 PC: 16994 | Release memory
2018-12-25T12:29:44.277035169Z 74 PC: 169a2 | Reallocate memory
; Excerpt decoded at the return address of INT 21h AH=2Ch (Get time), which
; returns CH=hour, CL=minute, DH=second, DL=hundredths. It tests the seconds
; field, then queries the date and updates a stored day-of-month byte.
; The absolute data offsets ([0x801], [0x86b], [0x865], [0xc28], [0xc29]) are
; not described anywhere in this trace; their roles below are hedged.
; NOTE(review): a run record on this page lists "TimeBased":true,"Second":45,
; which matches the 0x2d threshold here - confirm how the viewer uses it.
2018-12-25T12:29:44.278340578Z 44 PC: 169b9 | Get time 0x169b9: cmp dh, 0x2d
; 0x2d = 45: with seconds below 45 the two stores that follow are skipped
0x169bc: jb 0x169ca
; seconds >= 45: byte [0x801] = 1 and word [0x86b] = 0x84e
; NOTE(review): looks like a time-dependent flag plus an offset - purpose not visible here
0x169be: mov byte ptr [0x801], 1
0x169c3: nop
0x169c4: mov ax, 0x84e
0x169c7: mov word ptr [0x86b], ax
; AH=2Ah: Get date (the next trace entry is syscall 42 at PC 169cf); DL = day of month
0x169ca: mov ax, 0x2a00
0x169cd: int 0x21
; compare the byte stored at [0x865] with today's day of month
0x169cf: cmp byte ptr [0x865], dl
0x169d3: jne 0x169db
; equal: set byte [0xc29] = 1
; presumably [0x865] was written by an earlier run, making this a date match - verify
0x169d5: mov byte ptr [0xc29], 1
0x169da: nop
; day + 10; a result of 0x1d (29) or more is reduced by 0x1c (28),
; so day values 1..31 give a stored value in 1..28
0x169db: add dl, 0xa
0x169de: cmp dl, 0x1d
0x169e1: jb 0x169e6
0x169e3: sub dl, 0x1c
; store the adjusted day back to [0x865] and clear byte [0xc28]
0x169e6: mov byte ptr [0x865], dl
0x169ea: mov byte ptr [0xc28], 0
0x169ef: nop
; the excerpt ends here; the viewer shows a fixed-length window, not a whole routine
0x169f0: push cs
; Excerpt decoded at the return address of INT 21h AH=2Ah (Get date), which
; returns CX=year, DH=month, DL=day of month. It updates a stored day byte,
; copies 7 bytes inside the program's own segment and calls 0x16e3d.
; The absolute data offsets are not described in this trace; roles are hedged.
2018-12-25T12:29:44.280296796Z 42 PC: 169cf | Get date 0x169cf: cmp byte ptr [0x865], dl
; stored byte [0x865] != today's day of month: skip the flag store
0x169d3: jne 0x169db
; equal: set byte [0xc29] = 1
; presumably a "stored day reached" marker - verify against the code that reads it
0x169d5: mov byte ptr [0xc29], 1
0x169da: nop
; day + 10; a result of 0x1d (29) or more is reduced by 0x1c (28),
; so day values 1..31 give a stored value in 1..28
0x169db: add dl, 0xa
0x169de: cmp dl, 0x1d
0x169e1: jb 0x169e6
0x169e3: sub dl, 0x1c
; store the adjusted day back to [0x865] and clear byte [0xc28]
0x169e6: mov byte ptr [0x865], dl
0x169ea: mov byte ptr [0xc28], 0
0x169ef: nop
; ES = CS, so the string copy below writes into the code segment
0x169f0: push cs
0x169f1: pop es
; copy 7 bytes from DS:0x85a to ES:0xb16; BX keeps the destination start
0x169f2: mov si, 0x85a
0x169f5: mov di, 0xb16
0x169f8: mov bx, di
0x169fa: mov cx, 7
0x169fd: rep movsb byte ptr es:[di], byte ptr [si]
; BX = 0xb16 + 3 = 0xb19, apparently the argument for the call
0x169ff: add bx, 3
; the next trace entries are "Set disk transfer address" and "Find first file"
; (PC 16e60), so the copied bytes are presumably a search pattern - TODO confirm
0x16a02: call 0x16e3d
2018-12-25T12:29:44.28332004Z 26 PC: 16f16 | Set disk transfer address (See above)
2018-12-25T12:29:44.284513212Z 78 PC: 16e60 | Find first file
2018-12-25T12:29:44.290150231Z 26 PC: 16f16 | Set disk transfer address (See above)
2018-12-25T12:29:44.291919335Z 67 PC: 16a5e | Get or set file attributes
2018-12-25T12:29:44.296820698Z 67 PC: 16a6a | Get or set file attributes
2018-12-25T12:29:44.305966121Z 61 PC: 16a75 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:29:44.312700239Z 63 PC: 16ac7 | Read file or device (Read 28 bytes on handle 5)
2018-12-25T12:29:44.315705041Z 66 PC: 16ae0 | Move file pointer
; Clock-polling routine, decoded at the return address of an INT 21h AH=2Ch
; (Get time) call: CH=hour, CL=minute, DH=second, DL=hundredths.
; It re-issues Get time until the hundredths field changes, then derives a
; 16-bit value in AX from the seconds and hundredths.
; Every pass through the loop is logged as one "Get time" entry at PC 16f7b,
; which accounts for the long runs of syscall 44 in this trace.
2018-12-25T12:29:44.317156542Z 44 PC: 16f77 | Get time 0x16f77: mov bl, dl
; BL holds the hundredths from the previous call; query the time again
; (the trace logs this INT as syscall 44, i.e. still Get time)
0x16f79: int 0x21
; hundredths unchanged: poll again
0x16f7b: cmp bl, dl
0x16f7d: je 0x16f79
; CX = DX, so CH = seconds and CL = hundredths
0x16f7f: mov cx, dx
; AX = seconds, multiplied by 0x3e8 (1000); the high word in DX is not used
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
; AX += CX (seconds*256 + hundredths), then += 0xbb8 (3000); 16-bit wrap is ignored
; NOTE(review): looks like a clock-derived pseudo-random value - confirm at the callers
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
; restores a BX saved before this excerpt begins (the push is not shown)
0x16f8f: pop bx
0x16f90: ret
; bytes after the ret are not reached by fall-through; this decoding may be
; data or an unrelated routine caught by the fixed-length window - treat as unreliable
0x16f91: add cx, bp
0x16f93: insw word ptr es:[di], dx
0x16f94: adc ax, 0x8866
0x16f97: adc ax, 0
; Same clock-polling code, decoded at the return address of the INT 21h at
; 0x16f79 (AH=2Ch Get time: DH=second, DL=hundredths). BL is compared with the
; fresh hundredths value; the instruction that loaded BL lies before this excerpt.
2018-12-25T12:29:44.329108809Z 44 PC: 16f7b | Get time 0x16f7b: cmp bl, dl
; hundredths unchanged: jump back to the INT 21h at 0x16f79 and poll again;
; each pass is logged as one "Get time" entry at PC 16f7b
0x16f7d: je 0x16f79
; CX = DX, so CH = seconds and CL = hundredths
0x16f7f: mov cx, dx
; AX = seconds, multiplied by 0x3e8 (1000); the high word in DX is not used
0x16f81: xor ax, ax
0x16f83: mov al, ch
0x16f85: mov dx, 0x3e8
0x16f88: mul dx
; AX += CX (seconds*256 + hundredths), then += 0xbb8 (3000); 16-bit wrap is ignored
; NOTE(review): looks like a clock-derived pseudo-random value - confirm at the callers
0x16f8a: add ax, cx
0x16f8c: add ax, 0xbb8
; restores a BX saved before this excerpt begins (the push is not shown)
0x16f8f: pop bx
0x16f90: ret
; bytes after the ret are not reached by fall-through; this decoding may be
; data or an unrelated routine caught by the fixed-length window - treat as unreliable
0x16f91: add cx, bp
0x16f93: insw word ptr es:[di], dx
0x16f94: adc ax, 0x8866
0x16f97: adc ax, 0
2018-12-25T12:29:44.331223748Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.333356497Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.341111502Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.342709954Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.344109146Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.345853965Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.347242345Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.348655052Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.350541203Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.351984795Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.353368849Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.355296548Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.356788413Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.358312325Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.360386709Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.361758387Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.36307048Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.364852469Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.366191785Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.367495048Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.369737322Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.371155948Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.372473713Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.37452158Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.3761103Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.377726862Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.37963731Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.380992126Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.38232103Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.384283418Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.385765085Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.38716074Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.389074042Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.390605505Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.392148369Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.394115462Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.395569362Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.397442067Z 66 PC: 16b47 | Move file pointer
2018-12-25T12:29:44.398896038Z 64 PC: 16b59 | Write file or device (Write 15 bytes on handle 5)
2018-12-25T12:29:44.400938622Z 66 PC: 16bea | Move file pointer
2018-12-25T12:29:44.40184112Z 64 PC: 16c04 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:44.404357451Z 66 PC: 16c16 | Move file pointer
2018-12-25T12:29:44.40528225Z 44 PC: 16f77 | Get time (See above)
2018-12-25T12:29:44.406604238Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.408837093Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.410347759Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.412057827Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.41374341Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.415414585Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.416819096Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.418671657Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.420131097Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.42154875Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.424125758Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.425515607Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.427706888Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.430458279Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.433703939Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.435737083Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.437331931Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.439077969Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.440449426Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.44211549Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.444009058Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.445527305Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.447033095Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.44899577Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.450525566Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.452019338Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.453975469Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.455443713Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.456904436Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.458807367Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.460217281Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.461833833Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.46379338Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.465220867Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.466822723Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.468719999Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.470081202Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.471477779Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.473589666Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.475048962Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.48281035Z 44 PC: 16f77 | Get time (See above)
2018-12-25T12:29:44.485332395Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.487374291Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.48927822Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.491715466Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.493731038Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.495744851Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.498618784Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.500652229Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.50267596Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.505518656Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.507460603Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.509419159Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.511922653Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.513915776Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.516006988Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.518695827Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.520778211Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.522946878Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.525823014Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.527987861Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.529914045Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.532452358Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.534641Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.536707493Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.539367238Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.546763831Z 44 PC: 16f7b | Get time (See above)
2018-12-25T12:29:44.550731552Z 64 PC: 1740e | Write file or device (Write 2153 bytes on handle 5)
2018-12-25T12:29:44.564382671Z 87 PC: 16c27 | Get or set file date and time
2018-12-25T12:29:44.565615554Z 87 PC: 16c3d | Get or set file date and time
2018-12-25T12:29:44.56695021Z 62 PC: 16c49 | Close file
2018-12-25T12:29:44.574464965Z 67 PC: 16c55 | Get or set file attributes
2018-12-25T12:29:44.583243639Z 26 PC: 16c9c | Set disk transfer address
2018-12-25T12:29:44.584438909Z 74 PC: 16cb6 | Reallocate memory
2018-12-25T12:29:44.586804653Z 75 PC: 12a45 | Execute program
2018-12-25T12:29:44.60624733Z 98 PC: 15078 | Get current PSP
2018-12-25T12:29:44.607130042Z 74 PC: 150b7 | Reallocate memory
2018-12-25T12:29:44.60939832Z 82 PC: 150bd | Get DOS internal pointers (SYSVARS)
2018-12-25T12:29:44.610848178Z 25 PC: 16113 | Get default drive
2018-12-25T12:29:44.612167211Z 13 PC: 160c8 | Disk reset
2018-12-25T12:29:44.615739087Z 99 PC: 13cab | Get DBCS lead byte table pointer
2018-12-25T12:29:44.617106087Z 68 PC: 13cc5 | I/O control for devices (Set for = '')
2018-12-25T12:29:44.618472706Z 68 PC: 13cd0 | I/O control for devices (Set for = 'H?')
2018-12-25T12:29:44.621044479Z 68 PC: 13cdb | I/O control for devices (Set for = '')
2018-12-25T12:29:44.622354961Z 68 PC: 13ce3 | I/O control for devices (Set for = '��b���g�t�S3����[r�2��W�<t�<u�6�u����>��>W')
2018-12-25T12:29:44.623889725Z 48 PC: 13ce8 | Get DOS version
2018-12-25T12:29:44.62708699Z 64 PC: 13f61 | Write file or device (Write 23 bytes on handle 2)
2018-12-25T12:29:44.632759963Z 76 PC: 160f1 | Terminate with return code (Return code = '0')
2018-12-25T12:29:44.635664355Z 65 PC: 12a55 | Delete file (Filename = '��')
2018-12-25T12:29:44.648372112Z 77 PC: 12a5a | Get program return code
2018-12-25T12:29:44.649510113Z 76 PC: 12a5e | Terminate with return code (Return code = '0')