Sample viewer

vx.netlux.org/Virus.DOS.Zlodic.999

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:55:28.325377947Z 53 PC: 13265 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:28.327159859Z 37 PC: 1327a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:28.32991969Z 71 PC: 13298 | Get current directory
2018-12-17T22:55:28.333389956Z 47 PC: 1329c | Get disk transfer address
2018-12-17T22:55:28.335006416Z 26 PC: 132ae | Set disk transfer address
2018-12-17T22:55:28.337435394Z 78 PC: 132ed | Find first file
2018-12-17T22:55:28.345428117Z 61 PC: 132fb | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:55:28.356910403Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:28.364426629Z 87 PC: 1330c | Get or set file date and time
2018-12-17T22:55:28.366699734Z 66 PC: 1331f | Move file pointer
2018-12-17T22:55:28.368392578Z 62 PC: 13324 | Close file
2018-12-17T22:55:28.370495984Z 79 PC: 132ed | Find next file
2018-12-17T22:55:28.37454025Z 61 PC: 132fb | Open file (Filename = 'PRINT.COM')
2018-12-17T22:55:28.382590761Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:28.390351397Z 87 PC: 1330c | Get or set file date and time
2018-12-17T22:55:28.392964522Z 66 PC: 1331f | Move file pointer
2018-12-17T22:55:28.395156084Z 62 PC: 13324 | Close file
2018-12-17T22:55:28.397561718Z 79 PC: 132ed | Find next file
2018-12-17T22:55:28.401698869Z 61 PC: 132fb | Open file (Filename = 'HELLO.COM')
2018-12-17T22:55:28.409953935Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:28.417446377Z 87 PC: 1330c | Get or set file date and time
2018-12-17T22:55:28.420987717Z 66 PC: 1331f | Move file pointer
2018-12-17T22:55:28.422742157Z 62 PC: 13324 | Close file
2018-12-17T22:55:28.424854589Z 79 PC: 132ed | Find next file
2018-12-17T22:55:28.428367837Z 61 PC: 132fb | Open file (Filename = 'PHANG.COM')
2018-12-17T22:55:28.436091994Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:28.443461755Z 87 PC: 1330c | Get or set file date and time
2018-12-17T22:55:28.445604495Z 66 PC: 1331f | Move file pointer
2018-12-17T22:55:28.449318771Z 62 PC: 13324 | Close file
2018-12-17T22:55:28.452299628Z 79 PC: 132ed | Find next file
2018-12-17T22:55:28.456637536Z 61 PC: 132fb | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:55:28.466832731Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:28.474150634Z 87 PC: 1330c | Get or set file date and time
2018-12-17T22:55:28.475640226Z 66 PC: 1331f | Move file pointer
2018-12-17T22:55:28.478246277Z 62 PC: 13324 | Close file
2018-12-17T22:55:28.48030556Z 79 PC: 132ed | Find next file
2018-12-17T22:55:28.48329387Z 61 PC: 132fb | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:55:28.491379237Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:28.498415721Z 87 PC: 1330c | Get or set file date and time
2018-12-17T22:55:28.500056958Z 66 PC: 1331f | Move file pointer
2018-12-17T22:55:28.5028125Z 62 PC: 13324 | Close file
2018-12-17T22:55:28.505001447Z 79 PC: 132ed | Find next file
2018-12-17T22:55:28.507951516Z 61 PC: 132fb | Open file (Filename = 'PAH.COM')
2018-12-17T22:55:28.516000474Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:28.525135073Z 87 PC: 1330c | Get or set file date and time
2018-12-17T22:55:28.52715896Z 66 PC: 1331f | Move file pointer
2018-12-17T22:55:28.529164172Z 62 PC: 13324 | Close file
2018-12-17T22:55:28.53232166Z 79 PC: 132ed | Find next file
2018-12-17T22:55:28.535213028Z 78 PC: 132ed | Find first file
2018-12-17T22:55:28.544904896Z 61 PC: 132fb | Open file (Filename = 'TEST.EXE')
2018-12-17T22:55:28.552992647Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-17T22:55:28.556150646Z 87 PC: 1330c | Get or set file date and time
2018-12-17T22:55:28.557819746Z 66 PC: 1331f | Move file pointer
2018-12-17T22:55:28.562298159Z 62 PC: 13324 | Close file
2018-12-17T22:55:28.564637108Z 79 PC: 132ed | Find next file
2018-12-17T22:55:28.567723572Z 59 PC: 1336d | Change current directory
2018-12-17T22:55:28.573254175Z 26 PC: 13469 | Set disk transfer address
2018-12-17T22:55:28.5746396Z 37 PC: 13478 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:55:28.575983317Z 59 PC: 13481 | Change current directory
2018-12-17T22:55:28.579512785Z 42 PC: 13485 | Get date
0x13485: cmp dh, 5
0x13488: jb 0x134a6
0x1348a: cmp dh, 0xa
0x1348d: ja 0x134a6
0x1348f: cmp al, 3
0x13491: je 0x1349a
0x13493: cmp al, 6
0x13495: je 0x1349a
0x13497: jmp 0x134a6
0x13499: nop
0x1349a: mov ah, 0x2c
0x1349c: int 0x21
0x1349e: cmp ch, 0x10
0x134a1: jb 0x134a6
0x134a3: call 0x134c7
0x134a6: mov ax, cs
0x134a8: mov ds, ax
0x134aa: mov es, ax
0x134ac: xor bx, bx
0x134ae: mov cx, bx
2018-12-17T22:55:28.581955009Z 9 PC: 1320b | Display string (String= '��� ����� ���� � Angedonya BBS. 7-095-PRI-VA-TE (00:00-07:00) ����� ����ࠦ񭭮�� 䠩�� 2000 ���� ')
2018-12-17T22:55:28.588897826Z 76 PC: 13210 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:28.836669225Z 53 PC: 13265 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:28.838096493Z 37 PC: 1327a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:28.840819817Z 71 PC: 13298 | Get current directory
2018-12-25T12:31:28.843864794Z 47 PC: 1329c | Get disk transfer address
2018-12-25T12:31:28.844994568Z 26 PC: 132ae | Set disk transfer address
2018-12-25T12:31:28.847055986Z 78 PC: 132ed | Find first file
2018-12-25T12:31:28.854014554Z 61 PC: 132fb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:28.861698498Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:31:28.869884878Z 87 PC: 1330c | Get or set file date and time
2018-12-25T12:31:28.871730752Z 66 PC: 1331f | Move file pointer
2018-12-25T12:31:28.873617909Z 62 PC: 13324 | Close file
2018-12-25T12:31:28.876592517Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.879761754Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.886955703Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.894726215Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.896297773Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.898563206Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:28.903058632Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.906791209Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.914398795Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.92262247Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.925311486Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.926929092Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:28.928969727Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.932755055Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.940302795Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.947266212Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.949262296Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.950849676Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:28.952747832Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.956393071Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.964432712Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.971686052Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.975083161Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.976798482Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:28.978634195Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.981788178Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.98967384Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.997395937Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.999343455Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.001515905Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.003793231Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.006649641Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.014934396Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.021918151Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.023335649Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.025233206Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.027077723Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.029956479Z 78 PC: 132ed | Find first file (See above)
2018-12-25T12:31:29.038426044Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.045823766Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.048653897Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.050324691Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.052141093Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.054129374Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.05715538Z 59 PC: 1336d | Change current directory
2018-12-25T12:31:29.062277098Z 26 PC: 13469 | Set disk transfer address
2018-12-25T12:31:29.063631515Z 37 PC: 13478 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.064804175Z 59 PC: 13481 | Change current directory
2018-12-25T12:31:29.067072879Z 42 PC: 13485 | Get date
0x13485: cmp dh, 5
0x13488: jb 0x134a6
0x1348a: cmp dh, 0xa
0x1348d: ja 0x134a6
0x1348f: cmp al, 3
0x13491: je 0x1349a
0x13493: cmp al, 6
0x13495: je 0x1349a
0x13497: jmp 0x134a6
0x13499: nop
0x1349a: mov ah, 0x2c
0x1349c: int 0x21
0x1349e: cmp ch, 0x10
0x134a1: jb 0x134a6
0x134a3: call 0x134c7
0x134a6: mov ax, cs
0x134a8: mov ds, ax
0x134aa: mov es, ax
0x134ac: xor bx, bx
0x134ae: mov cx, bx
2018-12-25T12:31:29.069448799Z 9 PC: 1320b | Display string (String= '��� ����� ���� � Angedonya BBS. 7-095-PRI-VA-TE (00:00-07:00) ����� ����ࠦ񭭮�� 䠩�� 2000 ���� ')
2018-12-25T12:31:29.077150438Z 76 PC: 13210 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:28.868086962Z 53 PC: 13265 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:28.873500754Z 37 PC: 1327a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:28.874895655Z 71 PC: 13298 | Get current directory
2018-12-25T12:31:28.87802893Z 47 PC: 1329c | Get disk transfer address
2018-12-25T12:31:28.884941456Z 26 PC: 132ae | Set disk transfer address
2018-12-25T12:31:28.886299498Z 78 PC: 132ed | Find first file
2018-12-25T12:31:28.893027367Z 61 PC: 132fb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:28.90040454Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:31:28.911483642Z 87 PC: 1330c | Get or set file date and time
2018-12-25T12:31:28.913098205Z 66 PC: 1331f | Move file pointer
2018-12-25T12:31:28.915100765Z 62 PC: 13324 | Close file
2018-12-25T12:31:28.918746291Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.922028442Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.929487334Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.938078938Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.940006871Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.941930461Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:28.944675954Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.948759651Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.956319512Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.963729604Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.965817038Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.967100474Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:28.968607226Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.97128938Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.975864002Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.980152939Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.981929936Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.983158225Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:28.984566462Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.987124036Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.991645531Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.99628377Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.997997668Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.999073101Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.000405694Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.002397636Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.006925281Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.011294593Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.012571976Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.014119243Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.016011099Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.018764559Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.026658582Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.033676369Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.035083986Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.037138322Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.038990553Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.041805889Z 78 PC: 132ed | Find first file (See above)
2018-12-25T12:31:29.049459297Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.056693662Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.059706431Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.061740446Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.063298171Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.065440513Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.068721796Z 59 PC: 1336d | Change current directory
2018-12-25T12:31:29.073168288Z 26 PC: 13469 | Set disk transfer address
2018-12-25T12:31:29.074374382Z 37 PC: 13478 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.076385421Z 59 PC: 13481 | Change current directory
2018-12-25T12:31:29.078980209Z 42 PC: 13485 | Get date
0x13485: cmp dh, 5
0x13488: jb 0x134a6
0x1348a: cmp dh, 0xa
0x1348d: ja 0x134a6
0x1348f: cmp al, 3
0x13491: je 0x1349a
0x13493: cmp al, 6
0x13495: je 0x1349a
0x13497: jmp 0x134a6
0x13499: nop
0x1349a: mov ah, 0x2c
0x1349c: int 0x21
0x1349e: cmp ch, 0x10
0x134a1: jb 0x134a6
0x134a3: call 0x134c7
0x134a6: mov ax, cs
0x134a8: mov ds, ax
0x134aa: mov es, ax
0x134ac: xor bx, bx
0x134ae: mov cx, bx
2018-12-25T12:31:29.081327101Z 9 PC: 1320b | Display string (String= '��� ����� ���� � Angedonya BBS. 7-095-PRI-VA-TE (00:00-07:00) ����� ����ࠦ񭭮�� 䠩�� 2000 ���� ')
2018-12-25T12:31:29.088961575Z 76 PC: 13210 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":3,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:28.922436123Z 53 PC: 13265 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:28.923999236Z 37 PC: 1327a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:28.925418348Z 71 PC: 13298 | Get current directory
2018-12-25T12:31:28.927525449Z 47 PC: 1329c | Get disk transfer address
2018-12-25T12:31:28.929089765Z 26 PC: 132ae | Set disk transfer address
2018-12-25T12:31:28.930456256Z 78 PC: 132ed | Find first file
2018-12-25T12:31:28.935276838Z 61 PC: 132fb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:28.951438084Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:31:28.958487966Z 87 PC: 1330c | Get or set file date and time
2018-12-25T12:31:28.959598773Z 66 PC: 1331f | Move file pointer
2018-12-25T12:31:28.960712063Z 62 PC: 13324 | Close file
2018-12-25T12:31:28.962734539Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.967274605Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.974737217Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:28.981918849Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:28.983608399Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:28.985481947Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:28.988065941Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:28.991360413Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:28.999002865Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.007263981Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.008844989Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.010418397Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.013028999Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.016001814Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.02318504Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.030527266Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.03310886Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.034669245Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.036934813Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.040484532Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.048641919Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.057324923Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.059669588Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.061146589Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.063109318Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.066990567Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.074253431Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.081123069Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.083210307Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.084843224Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.086803844Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.090369808Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.097301439Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.104490599Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.106426115Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.107993703Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.109912791Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.112890735Z 78 PC: 132ed | Find first file (See above)
2018-12-25T12:31:29.119240119Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.126239354Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.13426486Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.136265775Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.138824743Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.152071943Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.155777207Z 59 PC: 1336d | Change current directory
2018-12-25T12:31:29.1602979Z 26 PC: 13469 | Set disk transfer address
2018-12-25T12:31:29.161645069Z 37 PC: 13478 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.163308089Z 59 PC: 13481 | Change current directory
2018-12-25T12:31:29.165123824Z 42 PC: 13485 | Get date
0x13485: cmp dh, 5
0x13488: jb 0x134a6
0x1348a: cmp dh, 0xa
0x1348d: ja 0x134a6
0x1348f: cmp al, 3
0x13491: je 0x1349a
0x13493: cmp al, 6
0x13495: je 0x1349a
0x13497: jmp 0x134a6
0x13499: nop
0x1349a: mov ah, 0x2c
0x1349c: int 0x21
0x1349e: cmp ch, 0x10
0x134a1: jb 0x134a6
0x134a3: call 0x134c7
0x134a6: mov ax, cs
0x134a8: mov ds, ax
0x134aa: mov es, ax
0x134ac: xor bx, bx
0x134ae: mov cx, bx
2018-12-25T12:31:29.169618081Z 44 PC: 1349e | Get time
0x1349e: cmp ch, 0x10
0x134a1: jb 0x134a6
0x134a3: call 0x134c7
0x134a6: mov ax, cs
0x134a8: mov ds, ax
0x134aa: mov es, ax
0x134ac: xor bx, bx
0x134ae: mov cx, bx
0x134b0: mov dx, cx
0x134b2: mov ax, 0x100
0x134b5: jmp ax
0x134b7: int 0x20
0x134b9: xor ax, ax
0x134bb: iret
0x134bc: mov ah, 0x2c
0x134be: int 0x21
0x134c0: mov ah, cl
0x134c2: add ah, dl
0x134c4: xor ah, cl
0x134c6: ret
2018-12-25T12:31:29.17193628Z 9 PC: 1320b | Display string (String= '��� ����� ���� � Angedonya BBS. 7-095-PRI-VA-TE (00:00-07:00) ����� ����ࠦ񭭮�� 䠩�� 2000 ���� ')
2018-12-25T12:31:29.180693475Z 76 PC: 13210 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":7,"Month":5,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:29.062348615Z 53 PC: 13265 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.063489945Z 37 PC: 1327a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.065612776Z 71 PC: 13298 | Get current directory
2018-12-25T12:31:29.069208716Z 47 PC: 1329c | Get disk transfer address
2018-12-25T12:31:29.070568856Z 26 PC: 132ae | Set disk transfer address
2018-12-25T12:31:29.072575322Z 78 PC: 132ed | Find first file
2018-12-25T12:31:29.079035889Z 61 PC: 132fb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:29.091187367Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:31:29.098331573Z 87 PC: 1330c | Get or set file date and time
2018-12-25T12:31:29.099918552Z 66 PC: 1331f | Move file pointer
2018-12-25T12:31:29.101546056Z 62 PC: 13324 | Close file
2018-12-25T12:31:29.104349401Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.112409296Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.120325898Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.126409131Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.129169357Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.144689375Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.146480508Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.150283588Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.155289804Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.160116346Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.16999284Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.171284692Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.172671455Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.175431783Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.179929198Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.184834527Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.187015896Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.188338726Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.189864005Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.192291402Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.206120463Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.211250291Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.213442253Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.214624923Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.216338458Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.219909277Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.2241868Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.228777038Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.230299327Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.232085871Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.233859855Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.235992394Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.247305083Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.254400148Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.256889159Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.258390975Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.260303422Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.263058429Z 78 PC: 132ed | Find first file (See above)
2018-12-25T12:31:29.269466608Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.275817323Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.278494134Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.280628749Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.282171998Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.284168675Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.28754591Z 59 PC: 1336d | Change current directory
2018-12-25T12:31:29.290231669Z 26 PC: 13469 | Set disk transfer address
2018-12-25T12:31:29.291064738Z 37 PC: 13478 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.29253271Z 59 PC: 13481 | Change current directory
2018-12-25T12:31:29.293781836Z 42 PC: 13485 | Get date
0x13485: cmp dh, 5
0x13488: jb 0x134a6
0x1348a: cmp dh, 0xa
0x1348d: ja 0x134a6
0x1348f: cmp al, 3
0x13491: je 0x1349a
0x13493: cmp al, 6
0x13495: je 0x1349a
0x13497: jmp 0x134a6
0x13499: nop
0x1349a: mov ah, 0x2c
0x1349c: int 0x21
0x1349e: cmp ch, 0x10
0x134a1: jb 0x134a6
0x134a3: call 0x134c7
0x134a6: mov ax, cs
0x134a8: mov ds, ax
0x134aa: mov es, ax
0x134ac: xor bx, bx
0x134ae: mov cx, bx
2018-12-25T12:31:29.295236375Z 44 PC: 1349e | Get time
0x1349e: cmp ch, 0x10
0x134a1: jb 0x134a6
0x134a3: call 0x134c7
0x134a6: mov ax, cs
0x134a8: mov ds, ax
0x134aa: mov es, ax
0x134ac: xor bx, bx
0x134ae: mov cx, bx
0x134b0: mov dx, cx
0x134b2: mov ax, 0x100
0x134b5: jmp ax
0x134b7: int 0x20
0x134b9: xor ax, ax
0x134bb: iret
0x134bc: mov ah, 0x2c
0x134be: int 0x21
0x134c0: mov ah, cl
0x134c2: add ah, dl
0x134c4: xor ah, cl
0x134c6: ret
2018-12-25T12:31:29.297343807Z 9 PC: 1320b | Display string (String= '��� ����� ���� � Angedonya BBS. 7-095-PRI-VA-TE (00:00-07:00) ����� ����ࠦ񭭮�� 䠩�� 2000 ���� ')
2018-12-25T12:31:29.303286048Z 76 PC: 13210 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":11,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":11903,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:31:29.400458741Z 53 PC: 13265 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.402879611Z 37 PC: 1327a | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.403964267Z 71 PC: 13298 | Get current directory
2018-12-25T12:31:29.406791734Z 47 PC: 1329c | Get disk transfer address
2018-12-25T12:31:29.408461716Z 26 PC: 132ae | Set disk transfer address
2018-12-25T12:31:29.40946716Z 78 PC: 132ed | Find first file
2018-12-25T12:31:29.415155983Z 61 PC: 132fb | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:31:29.421849715Z 63 PC: 13307 | Read file or device (Read 4 bytes on handle 5)
2018-12-25T12:31:29.432231102Z 87 PC: 1330c | Get or set file date and time
2018-12-25T12:31:29.433914244Z 66 PC: 1331f | Move file pointer
2018-12-25T12:31:29.435157797Z 62 PC: 13324 | Close file
2018-12-25T12:31:29.437512706Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.440085614Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.446780376Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.453877702Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.455135779Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.456315939Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.458481002Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.461036172Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.468051101Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.4751594Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.477185624Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.479216788Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.482028448Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.485064574Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.492067683Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.499674695Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.500989153Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.502267479Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.504089894Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.506905479Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.513187232Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.519558027Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.521406948Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.522947058Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.525001984Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.527865224Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.53513832Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.541674007Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.543410546Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.544729777Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.546615524Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.54982219Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.556720786Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.563061744Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.565432578Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.566976801Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.568887063Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.572113936Z 78 PC: 132ed | Find first file (See above)
2018-12-25T12:31:29.577673247Z 61 PC: 132fb | Open file (See above)
2018-12-25T12:31:29.583833573Z 63 PC: 13307 | Read file or device (See above)
2018-12-25T12:31:29.587110135Z 87 PC: 1330c | Get or set file date and time (See above)
2018-12-25T12:31:29.588623033Z 66 PC: 1331f | Move file pointer (See above)
2018-12-25T12:31:29.590150656Z 62 PC: 13324 | Close file (See above)
2018-12-25T12:31:29.59295881Z 79 PC: 132ed | Find next file (See above)
2018-12-25T12:31:29.595419559Z 59 PC: 1336d | Change current directory
2018-12-25T12:31:29.599446319Z 26 PC: 13469 | Set disk transfer address
2018-12-25T12:31:29.601296181Z 37 PC: 13478 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:31:29.602309776Z 59 PC: 13481 | Change current directory
2018-12-25T12:31:29.604084923Z 42 PC: 13485 | Get date
0x13485: cmp dh, 5
0x13488: jb 0x134a6
0x1348a: cmp dh, 0xa
0x1348d: ja 0x134a6
0x1348f: cmp al, 3
0x13491: je 0x1349a
0x13493: cmp al, 6
0x13495: je 0x1349a
0x13497: jmp 0x134a6
0x13499: nop
0x1349a: mov ah, 0x2c
0x1349c: int 0x21
0x1349e: cmp ch, 0x10
0x134a1: jb 0x134a6
0x134a3: call 0x134c7
0x134a6: mov ax, cs
0x134a8: mov ds, ax
0x134aa: mov es, ax
0x134ac: xor bx, bx
0x134ae: mov cx, bx
2018-12-25T12:31:29.607557909Z 9 PC: 1320b | Display string (String= '��� ����� ���� � Angedonya BBS. 7-095-PRI-VA-TE (00:00-07:00) ����� ����ࠦ񭭮�� 䠩�� 2000 ���� ')
2018-12-25T12:31:29.614167161Z 76 PC: 13210 | Terminate with return code (Return code = '1')