Sample viewer

vx.netlux.org/Virus.DOS.Friday13.613

Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:29.083371823Z 26 PC: 12f68 | Set disk transfer address
2018-12-17T22:58:29.08573761Z 78 PC: 12f71 | Find first file
2018-12-17T22:58:29.091939563Z 61 PC: 12f98 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:29.098654725Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:29.105867121Z 66 PC: 12fd4 | Move file pointer
2018-12-17T22:58:29.117828613Z 66 PC: 12fe9 | Move file pointer
2018-12-17T22:58:29.119268479Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:29.122410716Z 66 PC: 13007 | Move file pointer
2018-12-17T22:58:29.124730929Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-17T22:58:29.140557674Z 87 PC: 1302e | Get or set file date and time
2018-12-17T22:58:29.142026971Z 62 PC: 13032 | Close file
2018-12-17T22:58:29.150433536Z 79 PC: 12f7a | Find next file
2018-12-17T22:58:29.153043899Z 61 PC: 12f98 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:29.15943444Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:29.166929395Z 66 PC: 12fd4 | Move file pointer
2018-12-17T22:58:29.168507961Z 66 PC: 12fe9 | Move file pointer
2018-12-17T22:58:29.170248222Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:29.174192177Z 66 PC: 13007 | Move file pointer
2018-12-17T22:58:29.175541272Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-17T22:58:29.183354642Z 87 PC: 1302e | Get or set file date and time
2018-12-17T22:58:29.193247293Z 62 PC: 13032 | Close file
2018-12-17T22:58:29.200898871Z 79 PC: 12f7a | Find next file
2018-12-17T22:58:29.203421202Z 61 PC: 12f98 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:29.20969496Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:29.216749718Z 66 PC: 12fd4 | Move file pointer
2018-12-17T22:58:29.218132546Z 66 PC: 12fe9 | Move file pointer
2018-12-17T22:58:29.219412935Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:29.223001494Z 66 PC: 13007 | Move file pointer
2018-12-17T22:58:29.224714194Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-17T22:58:29.236252043Z 87 PC: 1302e | Get or set file date and time
2018-12-17T22:58:29.247562151Z 62 PC: 13032 | Close file
2018-12-17T22:58:29.255340043Z 79 PC: 12f7a | Find next file
2018-12-17T22:58:29.258026293Z 61 PC: 12f98 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:29.265217974Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:29.271518192Z 66 PC: 12fd4 | Move file pointer
2018-12-17T22:58:29.272857952Z 66 PC: 12fe9 | Move file pointer
2018-12-17T22:58:29.274822713Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:29.277758632Z 66 PC: 13007 | Move file pointer
2018-12-17T22:58:29.27954416Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-17T22:58:29.288677873Z 87 PC: 1302e | Get or set file date and time
2018-12-17T22:58:29.290302902Z 62 PC: 13032 | Close file
2018-12-17T22:58:29.313642137Z 79 PC: 12f7a | Find next file
2018-12-17T22:58:29.31743511Z 61 PC: 12f98 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:29.336009956Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:29.342732139Z 66 PC: 12fd4 | Move file pointer
2018-12-17T22:58:29.344823792Z 66 PC: 12fe9 | Move file pointer
2018-12-17T22:58:29.347590896Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:29.350669608Z 66 PC: 13007 | Move file pointer
2018-12-17T22:58:29.352481329Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-17T22:58:29.360959255Z 87 PC: 1302e | Get or set file date and time
2018-12-17T22:58:29.362845447Z 62 PC: 13032 | Close file
2018-12-17T22:58:29.37058805Z 79 PC: 12f7a | Find next file
2018-12-17T22:58:29.373466941Z 61 PC: 12f98 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:29.384621003Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:29.391092559Z 66 PC: 12fd4 | Move file pointer
2018-12-17T22:58:29.392914395Z 66 PC: 12fe9 | Move file pointer
2018-12-17T22:58:29.394239228Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:29.397027951Z 66 PC: 13007 | Move file pointer
2018-12-17T22:58:29.398979526Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-17T22:58:29.407239087Z 87 PC: 1302e | Get or set file date and time
2018-12-17T22:58:29.408899145Z 62 PC: 13032 | Close file
2018-12-17T22:58:29.417817383Z 79 PC: 12f7a | Find next file
2018-12-17T22:58:29.420717363Z 61 PC: 12f98 | Open file (Filename = 'PAH.COM')
2018-12-17T22:58:29.427524984Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:29.434429204Z 66 PC: 12fd4 | Move file pointer
2018-12-17T22:58:29.435715186Z 66 PC: 12fe9 | Move file pointer
2018-12-17T22:58:29.437041883Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-17T22:58:29.439624729Z 66 PC: 13007 | Move file pointer
2018-12-17T22:58:29.440883827Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-17T22:58:29.448526037Z 87 PC: 1302e | Get or set file date and time
2018-12-17T22:58:29.449996334Z 62 PC: 13032 | Close file
2018-12-17T22:58:29.457291745Z 79 PC: 12f7a | Find next file
2018-12-17T22:58:29.459749443Z 61 PC: 12f98 | Open file (Filename = 'TEST.COM')
2018-12-17T22:58:29.466081968Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-17T22:58:29.468486449Z 87 PC: 1302e | Get or set file date and time
2018-12-17T22:58:29.469836552Z 62 PC: 13032 | Close file
2018-12-17T22:58:29.47676897Z 79 PC: 12f7a | Find next file
2018-12-17T22:58:29.479948511Z 26 PC: 12f8d | Set disk transfer address
2018-12-17T22:58:29.480927473Z 42 PC: 1303f | Get date
0x1303f: cmp al, 0
0x13041: jne 0x13072
0x13043: mov cx, 0xbe
0x13046: mov bx, 0x143
0x13049: mov ax, word ptr es:[bx]
0x1304c: xor ax, 3
0x1304f: mov word ptr es:[bx], ax
0x13052: add bx, 1
0x13055: loop 0x13049
0x13057: mov ah, 9
0x13059: mov dx, 0x144
0x1305c: int 0x21
0x1305e: mov ah, 0
0x13060: int 0x16
0x13062: mov ax, 0x40
0x13065: mov es, ax
0x13067: mov word ptr es:[0x13], 0x200
0x1306e: mov ah, 1
0x13070: int 0x19
0x13072: pop es
2018-12-17T22:58:29.483550212Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12900,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:47.670156039Z 26 PC: 12f68 | Set disk transfer address
2018-12-25T12:36:47.672215679Z 78 PC: 12f71 | Find first file
2018-12-25T12:36:47.67850059Z 61 PC: 12f98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:47.684985771Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:47.691173411Z 66 PC: 12fd4 | Move file pointer
2018-12-25T12:36:47.697186829Z 66 PC: 12fe9 | Move file pointer
2018-12-25T12:36:47.698790055Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:47.70160672Z 66 PC: 13007 | Move file pointer
2018-12-25T12:36:47.704788227Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-25T12:36:47.720943139Z 87 PC: 1302e | Get or set file date and time
2018-12-25T12:36:47.724937488Z 62 PC: 13032 | Close file
2018-12-25T12:36:47.751417987Z 79 PC: 12f7a | Find next file
2018-12-25T12:36:47.754335345Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:47.760987493Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:47.768395692Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:47.769751501Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:47.771074788Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:47.7744526Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:47.77605665Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:47.784580743Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:47.799859609Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:47.808311007Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:47.810831262Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:47.8171909Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:47.824031699Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:47.825675177Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:47.82771486Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:47.831204982Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:47.832812469Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:47.840888955Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:47.843902424Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:47.853922293Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:47.856535598Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:47.864084087Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:47.870332658Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:47.871739842Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:47.874022319Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:47.876870097Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:47.878507444Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:47.903064186Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:47.904530638Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:47.912438825Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:47.927368909Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:47.933759439Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:47.951872309Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:47.953977639Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:47.95555975Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:47.95836065Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:47.96045639Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:47.968474547Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:47.970849399Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:47.979181687Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:47.981924006Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:47.988935719Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:47.995723344Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:47.997493879Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:47.999033315Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.002422117Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.003965792Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.01219072Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.014077505Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.022709417Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.02546546Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.032135381Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.039268448Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.040919252Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.042512486Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.046187287Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.047556013Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.056664646Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.058942917Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.070759882Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.074045095Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.081097751Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.0838097Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.085437273Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.092821426Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.095125824Z 26 PC: 12f8d | Set disk transfer address
2018-12-25T12:36:48.096156747Z 42 PC: 1303f | Get date
0x1303f: cmp al, 0
0x13041: jne 0x13072
0x13043: mov cx, 0xbe
0x13046: mov bx, 0x143
0x13049: mov ax, word ptr es:[bx]
0x1304c: xor ax, 3
0x1304f: mov word ptr es:[bx], ax
0x13052: add bx, 1
0x13055: loop 0x13049
0x13057: mov ah, 9
0x13059: mov dx, 0x144
0x1305c: int 0x21
0x1305e: mov ah, 0
0x13060: int 0x16
0x13062: mov ax, 0x40
0x13065: mov es, ax
0x13067: mov word ptr es:[0x13], 0x200
0x1306e: mov ah, 1
0x13070: int 0x19
0x13072: pop es
2018-12-25T12:36:48.099274057Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12900,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:48.111821935Z 26 PC: 12f68 | Set disk transfer address
2018-12-25T12:36:48.113625916Z 78 PC: 12f71 | Find first file
2018-12-25T12:36:48.120515145Z 61 PC: 12f98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:48.127930516Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:48.134963685Z 66 PC: 12fd4 | Move file pointer
2018-12-25T12:36:48.137782773Z 66 PC: 12fe9 | Move file pointer
2018-12-25T12:36:48.139387785Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:48.142429382Z 66 PC: 13007 | Move file pointer
2018-12-25T12:36:48.144585031Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-25T12:36:48.16308425Z 87 PC: 1302e | Get or set file date and time
2018-12-25T12:36:48.165111416Z 62 PC: 13032 | Close file
2018-12-25T12:36:48.174691327Z 79 PC: 12f7a | Find next file
2018-12-25T12:36:48.17829521Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.186790441Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.19448723Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.196944082Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.198759711Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.202431802Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.205216441Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.21403484Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.215650761Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.225051Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.228350883Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.236067575Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.244152301Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.246332363Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.24868559Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.256374233Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.258018876Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.267299805Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.278106863Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.287156715Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.290234977Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.298495459Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.30599029Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.307782686Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.309852891Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.313785797Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.315529408Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.324737249Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.327101972Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.337147418Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.340568286Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.349060251Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.356673568Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.358716292Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.361545795Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.365230936Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.367162306Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.376981203Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.378772096Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.387668301Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.398112719Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.405630842Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.413181061Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.415326196Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.417794199Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.421147832Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.423068943Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.436502769Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.43918533Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.450118825Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.454942283Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.463119376Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.473086638Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.476324079Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.479024794Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.482364739Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.484763143Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.495624351Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.498410809Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.508816225Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.512569427Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.523028067Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.527301025Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.529724938Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.538037498Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.541222902Z 26 PC: 12f8d | Set disk transfer address
2018-12-25T12:36:48.544076969Z 42 PC: 1303f | Get date
0x1303f: cmp al, 0
0x13041: jne 0x13072
0x13043: mov cx, 0xbe
0x13046: mov bx, 0x143
0x13049: mov ax, word ptr es:[bx]
0x1304c: xor ax, 3
0x1304f: mov word ptr es:[bx], ax
0x13052: add bx, 1
0x13055: loop 0x13049
0x13057: mov ah, 9
0x13059: mov dx, 0x144
0x1305c: int 0x21
0x1305e: mov ah, 0
0x13060: int 0x16
0x13062: mov ax, 0x40
0x13065: mov es, ax
0x13067: mov word ptr es:[0x13], 0x200
0x1306e: mov ah, 1
0x13070: int 0x19
0x13072: pop es
2018-12-25T12:36:48.547492809Z 9 PC: 1305e | Display string (Could not find end pointer)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12900,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:48.380379271Z 26 PC: 12f68 | Set disk transfer address
2018-12-25T12:36:48.388937981Z 78 PC: 12f71 | Find first file
2018-12-25T12:36:48.395657295Z 61 PC: 12f98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:48.403819502Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:48.411190591Z 66 PC: 12fd4 | Move file pointer
2018-12-25T12:36:48.413818485Z 66 PC: 12fe9 | Move file pointer
2018-12-25T12:36:48.415887641Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:48.419395156Z 66 PC: 13007 | Move file pointer
2018-12-25T12:36:48.421693225Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-25T12:36:48.437616574Z 87 PC: 1302e | Get or set file date and time
2018-12-25T12:36:48.439304858Z 62 PC: 13032 | Close file
2018-12-25T12:36:48.448253075Z 79 PC: 12f7a | Find next file
2018-12-25T12:36:48.451252341Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.458612084Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.467076685Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.468687501Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.470593321Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.474670861Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.477116537Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.4864782Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.488441179Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.498182277Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.501489371Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.509113009Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.517318521Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.519072223Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.520735558Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.524266288Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.526048998Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.53692025Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.540464566Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.549917061Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.553228882Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.562189954Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.569741798Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.571750473Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.574570942Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.577803359Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.579430452Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.590110059Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.592169863Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.601080602Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.604418444Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.612385731Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.620148582Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.622113746Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.624895656Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.627799056Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.62943168Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.640087871Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.641877397Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.650232142Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.653509668Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.672202065Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.679537719Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.682112982Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.684088656Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.687477978Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.69006312Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.699819211Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.701575157Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.711250672Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.714396764Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.722143382Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.72936825Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.731180974Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.732786818Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.735825928Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.738750979Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.747877039Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.749993624Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.759825768Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.764009294Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.771960064Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.775633814Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.777653555Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.785698887Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.788865913Z 26 PC: 12f8d | Set disk transfer address
2018-12-25T12:36:48.790521496Z 42 PC: 1303f | Get date
0x1303f: cmp al, 0
0x13041: jne 0x13072
0x13043: mov cx, 0xbe
0x13046: mov bx, 0x143
0x13049: mov ax, word ptr es:[bx]
0x1304c: xor ax, 3
0x1304f: mov word ptr es:[bx], ax
0x13052: add bx, 1
0x13055: loop 0x13049
0x13057: mov ah, 9
0x13059: mov dx, 0x144
0x1305c: int 0x21
0x1305e: mov ah, 0
0x13060: int 0x16
0x13062: mov ax, 0x40
0x13065: mov es, ax
0x13067: mov word ptr es:[0x13], 0x200
0x1306e: mov ah, 1
0x13070: int 0x19
0x13072: pop es
2018-12-25T12:36:48.793149512Z 9 PC: 12e26 | Display string (String= 'Hello - Copyright S & S International, 1990 ')

{"DateBased":true,"Day":6,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":false,"OriginalID":12900,"SideJobID":0}

Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:36:48.50751505Z 26 PC: 12f68 | Set disk transfer address
2018-12-25T12:36:48.519303387Z 78 PC: 12f71 | Find first file
2018-12-25T12:36:48.536103651Z 61 PC: 12f98 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:36:48.55006006Z 63 PC: 12fb1 | Read file or device (Read 3 bytes on handle 5)
2018-12-25T12:36:48.557137686Z 66 PC: 12fd4 | Move file pointer
2018-12-25T12:36:48.5676364Z 66 PC: 12fe9 | Move file pointer
2018-12-25T12:36:48.568939363Z 64 PC: 12ff5 | Write file or device (Write 3 bytes on handle 5)
2018-12-25T12:36:48.57210232Z 66 PC: 13007 | Move file pointer
2018-12-25T12:36:48.57406791Z 64 PC: 13013 | Write file or device (Write 613 bytes on handle 5)
2018-12-25T12:36:48.591916779Z 87 PC: 1302e | Get or set file date and time
2018-12-25T12:36:48.59926821Z 62 PC: 13032 | Close file
2018-12-25T12:36:48.61455811Z 79 PC: 12f7a | Find next file
2018-12-25T12:36:48.617213657Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.623933701Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.63146657Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.633158989Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.634835695Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.638649303Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.640302033Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.648407373Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.654566761Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.663026588Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.665629375Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.672613833Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.679258129Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.680587434Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.682208512Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.692310364Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.693977932Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.702812806Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.707385124Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.715177054Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.722463974Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.729101371Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.735562774Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.738129025Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.73985044Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.748081309Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.750357562Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.758862946Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.760595801Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.769134768Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.772200772Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.778926015Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.785571453Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.79222875Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.794160594Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.802766397Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.805653189Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.813851185Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.815754979Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.824556337Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.827173036Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.833547901Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.840994099Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.842728459Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.844385126Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.848087815Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.850091837Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.858371581Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.861084805Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.870427272Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.872982733Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.881125062Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.887334546Z 66 PC: 12fd4 | Move file pointer (See above)
2018-12-25T12:36:48.888651259Z 66 PC: 12fe9 | Move file pointer (See above)
2018-12-25T12:36:48.890558214Z 64 PC: 12ff5 | Write file or device (See above)
2018-12-25T12:36:48.893899955Z 66 PC: 13007 | Move file pointer (See above)
2018-12-25T12:36:48.895304652Z 64 PC: 13013 | Write file or device (See above)
2018-12-25T12:36:48.906141964Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.907602057Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.916382768Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.91978765Z 61 PC: 12f98 | Open file (See above)
2018-12-25T12:36:48.927272261Z 63 PC: 12fb1 | Read file or device (See above)
2018-12-25T12:36:48.930367856Z 87 PC: 1302e | Get or set file date and time (See above)
2018-12-25T12:36:48.932186236Z 62 PC: 13032 | Close file (See above)
2018-12-25T12:36:48.940736953Z 79 PC: 12f7a | Find next file (See above)
2018-12-25T12:36:48.943153098Z 26 PC: 12f8d | Set disk transfer address
2018-12-25T12:36:48.944286589Z 42 PC: 1303f | Get date
0x1303f: cmp al, 0
0x13041: jne 0x13072
0x13043: mov cx, 0xbe
0x13046: mov bx, 0x143
0x13049: mov ax, word ptr es:[bx]
0x1304c: xor ax, 3
0x1304f: mov word ptr es:[bx], ax
0x13052: add bx, 1
0x13055: loop 0x13049
0x13057: mov ah, 9
0x13059: mov dx, 0x144
0x1305c: int 0x21
0x1305e: mov ah, 0
0x13060: int 0x16
0x13062: mov ax, 0x40
0x13065: mov es, ax
0x13067: mov word ptr es:[0x13], 0x200
0x1306e: mov ah, 1
0x13070: int 0x19
0x13072: pop es
2018-12-25T12:36:48.947297327Z 9 PC: 1305e | Display string (Could not find end pointer)