Sample viewer

vx.netlux.org/Virus.DOS.Manuella.5238

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:52:38.818386986Z 75 PC: 12a5a | Execute program
2018-12-17T22:52:38.820829495Z 53 PC: 12a64 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:38.823406756Z 74 PC: 12a81 | Reallocate memory
2018-12-17T22:52:38.82512278Z 72 PC: 12a88 | Allocate memory
2018-12-17T22:52:38.827160557Z 37 PC: 12ab1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-17T22:52:38.829795457Z 42 PC: 12ab8 | Get date
0x12ab8: cmp dx, 0x501
0x12abc: je 0x12ac1
0x12abe: jmp 0x12b67
0x12ac1: mov ah, 0xf
0x12ac3: int 0x10
0x12ac5: xor ah, ah
0x12ac7: push ax
0x12ac8: mov ax, 0x13
0x12acb: int 0x10
0x12acd: mov cx, 0x1c
0x12ad0: xor bx, bx
0x12ad2: lea si, word ptr [bp + 0x3cc]
0x12ad6: mov dx, 0x3c8
0x12ad9: mov al, bl
0x12adb: out dx, al
0x12adc: lodsb al, byte ptr [si]
0x12add: mov dx, 0x3c9
0x12ae0: out dx, al
0x12ae1: lodsb al, byte ptr [si]
0x12ae2: out dx, al
2018-12-17T22:52:38.834524059Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:52:38.835822689Z 72 PC: 12174 | Allocate memory
2018-12-17T22:52:38.839185075Z 72 PC: 1218d | Allocate memory
2018-12-17T22:52:38.842036482Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:52:38.843331725Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:38.845835978Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.850992295Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.85344388Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.85663772Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.858409919Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.860113318Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.862300717Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.863999879Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.865152204Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.867499583Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.869232208Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.871327244Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.873638776Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.875743259Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.879156841Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.881550287Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.883098626Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.885116076Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.887272056Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.889726917Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.890906022Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.89255017Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.89552604Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.89714414Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.902144864Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.904407525Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.906101426Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.908096063Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.910373641Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.912064477Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.913917589Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.91632471Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.918683662Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.922733449Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.925928491Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.927654443Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.928903229Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.931279202Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.932862837Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.934725947Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.936195608Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.938942698Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.940310698Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.942168488Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.944433142Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.946417629Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.948085543Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.951720882Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.953587679Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.955734892Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.958338663Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.960174381Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.961428437Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.964060291Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.965409415Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.967126641Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.969267853Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.971017891Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.97227376Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.974612644Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:38.976292769Z 62 PC: 122ab | Close file
2018-12-17T22:52:38.979331638Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-17T22:52:38.987387361Z 66 PC: 12372 | Move file pointer
2018-12-17T22:52:38.988974202Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-17T22:52:39.006655526Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:39.008876638Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:39.012006818Z 87 PC: 9e9a6 | Get or set file date and time
2018-12-17T22:52:39.014360529Z 63 PC: 9e9c4 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:52:39.017899106Z 66 PC: 9e9da | Move file pointer
2018-12-17T22:52:39.020905674Z 64 PC: 9e9f7 | Write file or device (Write 5238 bytes on handle 5)
2018-12-17T22:52:39.364374725Z 66 PC: 9e9ff | Move file pointer
2018-12-17T22:52:39.366556493Z 64 PC: 9ea09 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:52:39.370608945Z 87 PC: 9ea1e | Get or set file date and time
2018-12-17T22:52:39.372301345Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:39.373843552Z 62 PC: 1238a | Close file
2018-12-17T22:52:39.383950768Z 99 PC: 99147 | Get DBCS lead byte table pointer
2018-12-17T22:52:39.385430507Z 56 PC: 93969 | Get or set country info
2018-12-17T22:52:39.38750249Z 64 PC: 993b8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:52:39.393964328Z 25 PC: 939d2 | Get default drive
2018-12-17T22:52:39.396095963Z 71 PC: 95c4d | Get current directory
2018-12-17T22:52:39.400573974Z 64 PC: 993b8 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:52:39.404531829Z 2 PC: 95c22 | Character output (Char = '3e')
2018-12-17T22:52:39.40800337Z 93 PC: 93a90 | File sharing functions
2018-12-17T22:52:39.410121259Z 93 PC: 93a97 | File sharing functions
2018-12-17T22:52:39.412813266Z 10 PC: 93aa9 | Buffered keyboard input
2018-12-17T22:52:53.809576766Z 0 PC: 0 | Program terminate
2018-12-17T22:52:55.165159071Z 0 PC: 0 | Program terminate
2018-12-17T22:52:55.268032365Z 64 PC: 993b8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:52:55.274421307Z 41 PC: 93b1e | Parse filename
2018-12-17T22:52:55.27660567Z 41 PC: 93b9f | Parse filename
2018-12-17T22:52:55.279435195Z 41 PC: 93bbc | Parse filename
2018-12-17T22:52:55.28315333Z 26 PC: 97067 | Set disk transfer address
2018-12-17T22:52:55.285991161Z 71 PC: 97263 | Get current directory
2018-12-17T22:52:55.296607303Z 78 PC: 9726e | Find first file
2018-12-17T22:52:55.306641531Z 71 PC: 970dc | Get current directory
2018-12-17T22:52:55.310163187Z 73 PC: 96779 | Release memory
2018-12-17T22:52:55.313480689Z 75 PC: 11821 | Execute program
2018-12-17T22:52:55.328224705Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-17T22:52:55.33272038Z 76 PC: 12a4b | Terminate with return code (Return code = '36')
2018-12-17T22:52:55.336972137Z 77 PC: 11fe0 | Get program return code
2018-12-17T22:52:55.339767027Z 72 PC: 12174 | Allocate memory
2018-12-17T22:52:55.342182313Z 72 PC: 1218d | Allocate memory
2018-12-17T22:52:55.344569879Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-17T22:52:55.347000905Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-17T22:52:55.348566236Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.350202479Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.35281149Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.35477058Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.356279645Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.359277667Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.360853828Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.362785807Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.365104923Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.367252387Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.368576334Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.370883808Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.372817892Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.375640734Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.377416389Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.380233641Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.381825081Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.38378346Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.38644529Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.388422694Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.389979529Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.393735023Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.395187933Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.39701236Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.400234743Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.401981814Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.403409937Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.406478011Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.407810624Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.409497623Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.41201961Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.413805334Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.415329077Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.418662048Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.420033204Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.421923194Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.423875973Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.425903191Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.427518134Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.430550109Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.431928479Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.433729141Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.441174697Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.443021266Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.444591926Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.447331272Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.44924097Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.451310798Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.454200766Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.456138506Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.457738041Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.459788683Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.461848983Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.463573923Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.46505743Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.467324759Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.468747632Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.471377482Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.4727123Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.474507582Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:52:55.475848921Z 62 PC: 122ab | Close file
2018-12-17T22:52:55.479550224Z 99 PC: 99147 | Get DBCS lead byte table pointer
2018-12-17T22:52:55.481096268Z 56 PC: 93969 | Get or set country info
2018-12-17T22:52:55.483195993Z 64 PC: 993b8 | Write file or device (Write 2 bytes on handle 1)
2018-12-17T22:52:55.489666156Z 25 PC: 939d2 | Get default drive
2018-12-17T22:52:55.49140364Z 71 PC: 95c4d | Get current directory
2018-12-17T22:52:55.495737311Z 64 PC: 993b8 | Write file or device (Write 3 bytes on handle 1)
2018-12-17T22:52:55.499640874Z 2 PC: 95c22 | Character output (Char = '3e')
2018-12-17T22:52:55.501904325Z 93 PC: 93a90 | File sharing functions
2018-12-17T22:52:55.503504141Z 93 PC: 93a97 | File sharing functions
2018-12-17T22:52:55.50599506Z 10 PC: 93aa9 | Buffered keyboard input

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10965,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:43.816278504Z 75 PC: 12a5a | Execute program
2018-12-25T12:29:43.817871226Z 53 PC: 12a64 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:43.819763971Z 74 PC: 12a81 | Reallocate memory
2018-12-25T12:29:43.821100396Z 72 PC: 12a88 | Allocate memory
2018-12-25T12:29:43.822535463Z 37 PC: 12ab1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:43.824164275Z 42 PC: 12ab8 | Get date
0x12ab8: cmp dx, 0x501
0x12abc: je 0x12ac1
0x12abe: jmp 0x12b67
0x12ac1: mov ah, 0xf
0x12ac3: int 0x10
0x12ac5: xor ah, ah
0x12ac7: push ax
0x12ac8: mov ax, 0x13
0x12acb: int 0x10
0x12acd: mov cx, 0x1c
0x12ad0: xor bx, bx
0x12ad2: lea si, word ptr [bp + 0x3cc]
0x12ad6: mov dx, 0x3c8
0x12ad9: mov al, bl
0x12adb: out dx, al
0x12adc: lodsb al, byte ptr [si]
0x12add: mov dx, 0x3c9
0x12ae0: out dx, al
0x12ae1: lodsb al, byte ptr [si]
0x12ae2: out dx, al
2018-12-25T12:29:43.82863633Z 77 PC: 11fe0 | Get program return code
2018-12-25T12:29:43.829801374Z 72 PC: 12174 | Allocate memory
2018-12-25T12:29:43.832020811Z 72 PC: 1218d | Allocate memory
2018-12-25T12:29:43.834319291Z 37 PC: 123c4 | Set interrupt vector (Interrupt = '34' AKA 'Random write')
2018-12-25T12:29:43.835450721Z 37 PC: 123cb | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records')
2018-12-25T12:29:43.837004971Z 37 PC: 123d2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:43.838082304Z 53 PC: 9e954 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:43.839060497Z 37 PC: 9e968 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:43.847372541Z 37 PC: 9ea29 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:29:43.848355443Z 62 PC: 122ab | Close file
2018-12-25T12:29:43.849464732Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.850520206Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.860640907Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.86183357Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.863419528Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.865660417Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.867402999Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.868606968Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.870703931Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.871925822Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.873535585Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.875253675Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.876951692Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.878195939Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.880312603Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.881536531Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.883244339Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.885433986Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.887278898Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.888636636Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.890332031Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.892328017Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.8944334Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.896107729Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.898534056Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.899773539Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.901356478Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.903787223Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.905426107Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.906627995Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.908643226Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.910089094Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.911710842Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.913294148Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.914951467Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.916156643Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.918617708Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.920034382Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.921781251Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.923498852Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.925613689Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.927331802Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.929501494Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.931283651Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.933386458Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.935236648Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.937581596Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.938759448Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.940379937Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.942219353Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.943762928Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.944873416Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.946810036Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.94802839Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.949598441Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:43.951147244Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:29:43.953821341Z 61 PC: 12354 | Open file (Filename = 'C:\COMMAND.COM')
2018-12-25T12:29:43.960401028Z 66 PC: 12372 | Move file pointer
2018-12-25T12:29:43.962324315Z 63 PC: 12383 | Read file or device (Read 44693 bytes on handle 5)
2018-12-25T12:29:43.976717928Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:29:43.977894508Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:29:43.979887186Z 87 PC: 9e9a6 | Get or set file date and time
2018-12-25T12:29:43.98211207Z 63 PC: 9e9c4 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:29:43.984668374Z 66 PC: 9e9da | Move file pointer
2018-12-25T12:29:43.986427984Z 64 PC: 9e9f7 | Write file or device (Write 5238 bytes on handle 5)
2018-12-25T12:29:45.016443149Z 66 PC: 9e9ff | Move file pointer
2018-12-25T12:29:45.018468091Z 64 PC: 9ea09 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:29:45.02251619Z 87 PC: 9ea1e | Get or set file date and time
2018-12-25T12:29:45.023680587Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:29:45.024578827Z 62 PC: 1238a | Close file
2018-12-25T12:29:45.034640884Z 99 PC: 99147 | Get DBCS lead byte table pointer
2018-12-25T12:29:45.036258247Z 56 PC: 93969 | Get or set country info
2018-12-25T12:29:45.038588686Z 64 PC: 993b8 | Write file or device (Write 2 bytes on handle 1)
2018-12-25T12:29:45.044490911Z 25 PC: 939d2 | Get default drive
2018-12-25T12:29:45.046487765Z 71 PC: 95c4d | Get current directory
2018-12-25T12:29:45.051346308Z 64 PC: 993b8 | Write file or device (See above)
2018-12-25T12:29:45.056074899Z 2 PC: 95c22 | Character output (Char = '3e')
2018-12-25T12:29:45.058825868Z 93 PC: 93a90 | File sharing functions
2018-12-25T12:29:45.060629732Z 93 PC: 93a97 | File sharing functions
2018-12-25T12:29:45.063400495Z 10 PC: 93aa9 | Buffered keyboard input
2018-12-25T12:29:58.799985413Z 0 PC: 0 | Program terminate
2018-12-25T12:30:00.155362177Z 0 PC: 0 | Program terminate (See above)
2018-12-25T12:30:00.258344814Z 64 PC: 993b8 | Write file or device (See above)
2018-12-25T12:30:00.26553854Z 41 PC: 93b1e | Parse filename
2018-12-25T12:30:00.26919427Z 41 PC: 93b9f | Parse filename
2018-12-25T12:30:00.27296225Z 41 PC: 93bbc | Parse filename
2018-12-25T12:30:00.276468739Z 26 PC: 97067 | Set disk transfer address
2018-12-25T12:30:00.278849158Z 71 PC: 97263 | Get current directory
2018-12-25T12:30:00.289504649Z 78 PC: 9726e | Find first file
2018-12-25T12:30:00.302110762Z 71 PC: 970dc | Get current directory
2018-12-25T12:30:00.30647996Z 73 PC: 96779 | Release memory
2018-12-25T12:30:00.309765176Z 75 PC: 11821 | Execute program
2018-12-25T12:30:00.3257692Z 9 PC: 12a47 | Display string (String= 'Hello, World! ')
2018-12-25T12:30:00.331535984Z 76 PC: 12a4b | Terminate with return code (Return code = '36')
2018-12-25T12:30:00.339356341Z 77 PC: 11fe0 | Get program return code (See above)
2018-12-25T12:30:00.340925303Z 72 PC: 12174 | Allocate memory (See above)
2018-12-25T12:30:00.343092851Z 72 PC: 1218d | Allocate memory (See above)
2018-12-25T12:30:00.34690486Z 37 PC: 123c4 | Set interrupt vector (See above)
2018-12-25T12:30:00.348555895Z 37 PC: 123cb | Set interrupt vector (See above)
2018-12-25T12:30:00.350226727Z 37 PC: 123d2 | Set interrupt vector (See above)
2018-12-25T12:30:00.352761507Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.354451908Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.356655904Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.359057147Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.360888113Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.362635947Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.365493463Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.366840515Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.369427273Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.371598754Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.373378976Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.374682207Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.377819398Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.387262526Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.389261709Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.390919654Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.39354429Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.395032994Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.396958207Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.399056132Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.400913027Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.402379386Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.405563545Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.408752776Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.410651335Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.413673198Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.415865308Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.417676404Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.420900049Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.422697522Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.425112281Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.427266734Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.42954787Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.431449792Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.434729512Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.436585134Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.438858133Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.441351347Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.443278854Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.444594086Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.447284752Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.448690788Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.450681903Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.453413811Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.455023133Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.456419393Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.45984057Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.461588076Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.463257904Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.464743211Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.478224161Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.481017548Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.4829019Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.484469861Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.486175039Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.487613292Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.490605379Z 53 PC: 9e954 | Get interrupt vector (See above)
2018-12-25T12:30:00.492001962Z 37 PC: 9e968 | Set interrupt vector (See above)
2018-12-25T12:30:00.49394427Z 37 PC: 9ea29 | Set interrupt vector (See above)
2018-12-25T12:30:00.495565691Z 62 PC: 122ab | Close file (See above)
2018-12-25T12:30:00.498879729Z 99 PC: 99147 | Get DBCS lead byte table pointer (See above)
2018-12-25T12:30:00.500584869Z 56 PC: 93969 | Get or set country info (See above)
2018-12-25T12:30:00.503549574Z 64 PC: 993b8 | Write file or device (See above)
2018-12-25T12:30:00.509195649Z 25 PC: 939d2 | Get default drive (See above)
2018-12-25T12:30:00.511150062Z 71 PC: 95c4d | Get current directory (See above)
2018-12-25T12:30:00.516642412Z 64 PC: 993b8 | Write file or device (See above)
2018-12-25T12:30:00.521906884Z 2 PC: 95c22 | Character output (See above)
2018-12-25T12:30:00.524225741Z 93 PC: 93a90 | File sharing functions (See above)
2018-12-25T12:30:00.52643137Z 93 PC: 93a97 | File sharing functions (See above)
2018-12-25T12:30:00.528393118Z 10 PC: 93aa9 | Buffered keyboard input (See above)

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":10965,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:29:43.974460484Z 75 PC: 12a5a | Execute program
2018-12-25T12:29:43.976094368Z 53 PC: 12a64 | Get interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:43.977901651Z 74 PC: 12a81 | Reallocate memory
2018-12-25T12:29:43.979195207Z 72 PC: 12a88 | Allocate memory
2018-12-25T12:29:44.005303944Z 37 PC: 12ab1 | Set interrupt vector (Interrupt = '33' AKA 'Random read')
2018-12-25T12:29:44.006507326Z 42 PC: 12ab8 | Get date
0x12ab8: cmp dx, 0x501
0x12abc: je 0x12ac1
0x12abe: jmp 0x12b67
0x12ac1: mov ah, 0xf
0x12ac3: int 0x10
0x12ac5: xor ah, ah
0x12ac7: push ax
0x12ac8: mov ax, 0x13
0x12acb: int 0x10
0x12acd: mov cx, 0x1c
0x12ad0: xor bx, bx
0x12ad2: lea si, word ptr [bp + 0x3cc]
0x12ad6: mov dx, 0x3c8
0x12ad9: mov al, bl
0x12adb: out dx, al
0x12adc: lodsb al, byte ptr [si]
0x12add: mov dx, 0x3c9
0x12ae0: out dx, al
0x12ae1: lodsb al, byte ptr [si]
0x12ae2: out dx, al