Sample viewer

vx.netlux.org/Virus.DOS.IVP.Skin.964

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-17T22:58:39.574308568Z 26 PC: 12ca9 | Set disk transfer address
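2018-12-17T22:58:39.576983054Z 53 PC: 12ab0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]
2018-12-17T22:58:39.583370029Z 37 PC: 12ac2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]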
2018-12-17T22:58:39.585858446Z 71 PC: 12ace | Get current directory
2018-12-17T22:58:39.590397518Z 78 PC: 12b44 | Find first file
2018-12-17T22:58:39.596693571Z 78 PC: 12b44 | Find first file
2018-12-17T22:58:39.601305189Z 61 PC: 12cb2 | Open file (Filename = 'SLEEP.COM')
2018-12-17T22:58:39.606468404Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:39.613727547Z 62 PC: 12b63 | Close file
2018-12-17T22:58:39.615909028Z 79 PC: 12b44 | Find next file
2018-12-17T22:58:39.61869806Z 61 PC: 12cb2 | Open file (Filename = 'PRINT.COM')
2018-12-17T22:58:39.632165553Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:39.637852151Z 62 PC: 12b63 | Close file
2018-12-17T22:58:39.639426891Z 79 PC: 12b44 | Find next file
2018-12-17T22:58:39.642402614Z 61 PC: 12cb2 | Open file (Filename = 'HELLO.COM')
2018-12-17T22:58:39.648663752Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:39.655489421Z 62 PC: 12b63 | Close file
2018-12-17T22:58:39.661781828Z 79 PC: 12b44 | Find next file
2018-12-17T22:58:39.665245919Z 61 PC: 12cb2 | Open file (Filename = 'PHANG.COM')
2018-12-17T22:58:39.672463315Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:39.679466898Z 62 PC: 12b63 | Close file
2018-12-17T22:58:39.6819364Z 79 PC: 12b44 | Find next file
2018-12-17T22:58:39.68481496Z 61 PC: 12cb2 | Open file (Filename = 'PRINTA~1.COM')
2018-12-17T22:58:39.691865132Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:39.699522564Z 62 PC: 12b63 | Close file
2018-12-17T22:58:39.701759648Z 79 PC: 12b44 | Find next file
2018-12-17T22:58:39.705613432Z 61 PC: 12cb2 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:39.713150809Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:39.720688657Z 62 PC: 12b63 | Close file
2018-12-17T22:58:39.722830082Z 67 PC: 12cbd | Get or set file attributes
2018-12-17T22:58:39.740629497Z 61 PC: 12cb2 | Open file (Filename = 'MANDEL.COM')
2018-12-17T22:58:39.746746434Z 64 PC: 12c50 | Write file or device (Write 5 bytes on handle 5)
2018-12-17T22:58:39.7494148Z 66 PC: 12ca4 | Move file pointer
; Disassembly at the return address of the Get time call (INT 21h AH=2Ch, op 44 in this trace).
; The listing starts mid-routine and is cut after 0x12c93. Surrounding trace rows: attribute call,
; open, 5-byte write, seek, Get time, 964-byte write, date/time call, close, attribute call.
; The date/time is set again after the writes, so the file timestamp alone is not a reliable
; change indicator. NOTE(review): confirm the values written back are the originals.
2018-12-17T22:58:39.751826432Z 44 PC: 12c5b | Get time 0x12c5b: cmp dh, 0    ; DH = seconds returned by Get time
0x12c5e: je 0x12c57    ; seconds == 0: branch back to 0x12c57 (before this listing; presumably re-issues Get time)
0x12c60: mov byte ptr cs:[bp + 0x4d5], dh    ; store the non-zero seconds byte at cs:[bp+0x4d5]; NOTE(review): looks like a per-run seed, confirm in 0x12dd1
0x12c65: call 0x12dd1    ; routine outside this listing; the next trace row is the 964-byte write at PC 12e39
0x12c68: inc byte ptr cs:[bp + 0x4e5]    ; increments a byte in the code's own data area; its meaning is not visible here
0x12c6d: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time on handle BX
0x12c70: mov cx, word ptr cs:[bp + 0x558]    ; CX = time word; 0x558 is DTA+16h if the find-file DTA sits at bp+0x542 (TODO confirm)
0x12c75: mov dx, word ptr cs:[bp + 0x55a]    ; DX = date word (DTA+18h under the same assumption)
0x12c7a: int 0x21    ; matches the trace row "Get or set file date and time" at PC 12c7c
0x12c7c: mov ah, 0x3e    ; INT 21h AH=3Eh: close handle BX
0x12c7e: int 0x21
0x12c80: xor cx, cx
0x12c82: mov cl, byte ptr cs:[bp + 0x557]    ; CX = attribute byte (DTA+15h under the same assumption)
0x12c87: call 0x12cb4    ; 0x12cb4 starts with AX=4301h (set file attributes) in the later listing of this trace
0x12c8a: ret
0x12c8b: mov ah, 0x2a    ; INT 21h AH=2Ah: get date; AL returns the day of week (0 = Sunday)
0x12c8d: int 0x21
0x12c8f: cmp al, 5
0x12c91: jb 0x12c9b    ; day of week below 5 (Sunday..Thursday): skip ahead to 0x12c9b
0x12c93: mov ah, 9    ; Friday/Saturday path: AH=09h (print string) setup; the listing is cut here
2018-12-17T22:58:39.753999216Z 64 PC: 12e39 | Write file or device (Write 964 bytes on handle 5)
2018-12-17T22:58:39.762741267Z 87 PC: 12c7c | Get or set file date and time
2018-12-17T22:58:39.765545819Z 62 PC: 12c80 | Close file
2018-12-17T22:58:39.774712768Z 67 PC: 12cbd | Get or set file attributes
2018-12-17T22:58:39.786021173Z 79 PC: 12b44 | Find next file
2018-12-17T22:58:39.789397399Z 61 PC: 12cb2 | Open file (Filename = 'PAH.COM')
2018-12-17T22:58:39.797668926Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:39.80490161Z 62 PC: 12b63 | Close file
2018-12-17T22:58:39.807141951Z 79 PC: 12b44 | Find next file
2018-12-17T22:58:39.810858947Z 61 PC: 12cb2 | Open file (Filename = 'TEST.COM')
2018-12-17T22:58:39.818063829Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-17T22:58:39.824949541Z 62 PC: 12b63 | Close file
2018-12-17T22:58:39.827724006Z 79 PC: 12b44 | Find next file
2018-12-17T22:58:39.830358257Z 59 PC: 12ae4 | Change current directory
; Disassembly at the return address of the Get date call (INT 21h AH=2Ah, op 42 in this trace); cut after 0x12cb4.
; No print-string row appears after this one in the trace, which is consistent with the jb below being taken in this run.
2018-12-17T22:58:39.834866771Z 42 PC: 12c8f | Get date 0x12c8f: cmp al, 5    ; AL = day of week from Get date (0 = Sunday)
0x12c91: jb 0x12c9b    ; Sunday..Thursday: skip the message
0x12c93: mov ah, 9    ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12c95: lea dx, word ptr [bp + 0x3ab]    ; DX = address of the text at bp+0x3ab (contents not shown on this page)
0x12c99: int 0x21
0x12c9b: ret
0x12c9c: mov ah, 0x42    ; helper: INT 21h AH=42h move file pointer; AL (origin) is left as the caller set it
0x12c9e: xor cx, cx
0x12ca0: xor dx, dx    ; CX:DX = offset 0
0x12ca2: int 0x21
0x12ca4: ret
0x12ca5: mov ah, 0x1a    ; helper: INT 21h AH=1Ah set disk transfer address; DX comes from the caller
0x12ca7: int 0x21
0x12ca9: ret
0x12caa: mov ah, 0x3d    ; helper: INT 21h AH=3Dh open file; AL (access mode) comes from the caller
0x12cac: lea dx, word ptr [bp + 0x560]    ; DX = file name at bp+0x560 (DTA+1Eh if the DTA sits at bp+0x542, TODO confirm)
0x12cb0: int 0x21    ; no carry-flag (error) check is visible before the ret
0x12cb2: xchg ax, bx    ; returned handle moved into BX, where the handle-based INT 21h calls expect it
0x12cb3: ret
0x12cb4: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes; the rest of this helper is cut off
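2018-12-17T22:58:39.838342955Z 37 PC: 12af3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]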
2018-12-17T22:58:39.839696529Z 59 PC: 12afd | Change current directory
2018-12-17T22:58:39.84171871Z 26 PC: 12ca9 | Set disk transfer address

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12946,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:03.89384444Z 26 PC: 12ca9 | Set disk transfer address
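2018-12-25T12:37:03.895533903Z 53 PC: 12ab0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]
2018-12-25T12:37:03.896868618Z 37 PC: 12ac2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]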
2018-12-25T12:37:03.898039133Z 71 PC: 12ace | Get current directory
2018-12-25T12:37:03.901679972Z 78 PC: 12b44 | Find first file
2018-12-25T12:37:03.908330326Z 78 PC: 12b44 | Find first file (See above)
2018-12-25T12:37:03.915061642Z 61 PC: 12cb2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:03.92281152Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:37:03.929949018Z 62 PC: 12b63 | Close file
2018-12-25T12:37:03.932151612Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:03.935294295Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:03.948912566Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:03.956127396Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:03.958004423Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:03.961346553Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:03.968682468Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:03.975619929Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:03.977997224Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:03.980921721Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:03.988181275Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:03.995643263Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:03.997628867Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.000465038Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.0092317Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.016135197Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.017807108Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.020650261Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.02782576Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.0346411Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.036574739Z 67 PC: 12cbd | Get or set file attributes
2018-12-25T12:37:04.054891526Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.061953255Z 64 PC: 12c50 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:37:04.064704171Z 66 PC: 12ca4 | Move file pointer
; Disassembly at the return address of the Get time call (INT 21h AH=2Ch, op 44 in this trace).
; The listing starts mid-routine and is cut after 0x12c93. Surrounding trace rows: attribute call,
; open, 5-byte write, seek, Get time, 964-byte write, date/time call, close, attribute call.
; The date/time is set again after the writes, so the file timestamp alone is not a reliable
; change indicator. NOTE(review): confirm the values written back are the originals.
2018-12-25T12:37:04.066114477Z 44 PC: 12c5b | Get time 0x12c5b: cmp dh, 0    ; DH = seconds returned by Get time
0x12c5e: je 0x12c57    ; seconds == 0: branch back to 0x12c57 (before this listing; presumably re-issues Get time)
0x12c60: mov byte ptr cs:[bp + 0x4d5], dh    ; store the non-zero seconds byte at cs:[bp+0x4d5]; NOTE(review): looks like a per-run seed, confirm in 0x12dd1
0x12c65: call 0x12dd1    ; routine outside this listing; the next trace row is the 964-byte write at PC 12e39
0x12c68: inc byte ptr cs:[bp + 0x4e5]    ; increments a byte in the code's own data area; its meaning is not visible here
0x12c6d: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time on handle BX
0x12c70: mov cx, word ptr cs:[bp + 0x558]    ; CX = time word; 0x558 is DTA+16h if the find-file DTA sits at bp+0x542 (TODO confirm)
0x12c75: mov dx, word ptr cs:[bp + 0x55a]    ; DX = date word (DTA+18h under the same assumption)
0x12c7a: int 0x21    ; matches the trace row "Get or set file date and time" at PC 12c7c
0x12c7c: mov ah, 0x3e    ; INT 21h AH=3Eh: close handle BX
0x12c7e: int 0x21
0x12c80: xor cx, cx
0x12c82: mov cl, byte ptr cs:[bp + 0x557]    ; CX = attribute byte (DTA+15h under the same assumption)
0x12c87: call 0x12cb4    ; 0x12cb4 starts with AX=4301h (set file attributes) in the later listing of this trace
0x12c8a: ret
0x12c8b: mov ah, 0x2a    ; INT 21h AH=2Ah: get date; AL returns the day of week (0 = Sunday)
0x12c8d: int 0x21
0x12c8f: cmp al, 5
0x12c91: jb 0x12c9b    ; day of week below 5 (Sunday..Thursday): skip ahead to 0x12c9b
0x12c93: mov ah, 9    ; Friday/Saturday path: AH=09h (print string) setup; the listing is cut here
2018-12-25T12:37:04.068798676Z 64 PC: 12e39 | Write file or device (Write 964 bytes on handle 5)
2018-12-25T12:37:04.078948626Z 87 PC: 12c7c | Get or set file date and time
2018-12-25T12:37:04.080828006Z 62 PC: 12c80 | Close file
2018-12-25T12:37:04.089464428Z 67 PC: 12cbd | Get or set file attributes (See above)
2018-12-25T12:37:04.100199192Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.103499653Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.110768143Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.117864738Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.120194278Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.123169856Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.130315766Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.138042772Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.140043047Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.142631595Z 59 PC: 12ae4 | Change current directory
; Disassembly at the return address of the Get date call (INT 21h AH=2Ah, op 42 in this trace); cut after 0x12cb4.
; No print-string row appears after this one in the trace, which is consistent with the jb below being taken in this run.
2018-12-25T12:37:04.147415756Z 42 PC: 12c8f | Get date 0x12c8f: cmp al, 5    ; AL = day of week from Get date (0 = Sunday)
0x12c91: jb 0x12c9b    ; Sunday..Thursday: skip the message
0x12c93: mov ah, 9    ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12c95: lea dx, word ptr [bp + 0x3ab]    ; DX = address of the text at bp+0x3ab (contents not shown on this page)
0x12c99: int 0x21
0x12c9b: ret
0x12c9c: mov ah, 0x42    ; helper: INT 21h AH=42h move file pointer; AL (origin) is left as the caller set it
0x12c9e: xor cx, cx
0x12ca0: xor dx, dx    ; CX:DX = offset 0
0x12ca2: int 0x21
0x12ca4: ret
0x12ca5: mov ah, 0x1a    ; helper: INT 21h AH=1Ah set disk transfer address; DX comes from the caller
0x12ca7: int 0x21
0x12ca9: ret
0x12caa: mov ah, 0x3d    ; helper: INT 21h AH=3Dh open file; AL (access mode) comes from the caller
0x12cac: lea dx, word ptr [bp + 0x560]    ; DX = file name at bp+0x560 (DTA+1Eh if the DTA sits at bp+0x542, TODO confirm)
0x12cb0: int 0x21    ; no carry-flag (error) check is visible before the ret
0x12cb2: xchg ax, bx    ; returned handle moved into BX, where the handle-based INT 21h calls expect it
0x12cb3: ret
0x12cb4: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes; the rest of this helper is cut off
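2018-12-25T12:37:04.149733409Z 37 PC: 12af3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]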
2018-12-25T12:37:04.15075551Z 59 PC: 12afd | Change current directory
2018-12-25T12:37:04.152997661Z 26 PC: 12ca9 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":0,"TimeBased":true,"OriginalID":12946,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:04.698492368Z 26 PC: 12ca9 | Set disk transfer address
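2018-12-25T12:37:04.700612104Z 53 PC: 12ab0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]
2018-12-25T12:37:04.701767061Z 37 PC: 12ac2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]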
2018-12-25T12:37:04.70315489Z 71 PC: 12ace | Get current directory
2018-12-25T12:37:04.706631903Z 78 PC: 12b44 | Find first file
2018-12-25T12:37:04.712848725Z 78 PC: 12b44 | Find first file (See above)
2018-12-25T12:37:04.723248505Z 61 PC: 12cb2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:04.734308829Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:37:04.741185292Z 62 PC: 12b63 | Close file
2018-12-25T12:37:04.742808469Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.745264167Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.751776857Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.758392968Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.760535748Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.76364569Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.77098239Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.777895848Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.780797925Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.783398616Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.789961538Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.797805951Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.799674356Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.803722636Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.810808789Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.818027077Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.820041933Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.822825047Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.830509916Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.836967836Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.839231826Z 67 PC: 12cbd | Get or set file attributes
2018-12-25T12:37:04.85883781Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.865427922Z 64 PC: 12c50 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:37:04.868163009Z 66 PC: 12ca4 | Move file pointer
; Disassembly at the return address of the Get time call (INT 21h AH=2Ch, op 44 in this trace).
; The listing starts mid-routine and is cut after 0x12c93. Surrounding trace rows: attribute call,
; open, 5-byte write, seek, Get time, 964-byte write, date/time call, close, attribute call.
; The date/time is set again after the writes, so the file timestamp alone is not a reliable
; change indicator. NOTE(review): confirm the values written back are the originals.
2018-12-25T12:37:04.869925982Z 44 PC: 12c5b | Get time 0x12c5b: cmp dh, 0    ; DH = seconds returned by Get time
0x12c5e: je 0x12c57    ; seconds == 0: branch back to 0x12c57 (before this listing; presumably re-issues Get time)
0x12c60: mov byte ptr cs:[bp + 0x4d5], dh    ; store the non-zero seconds byte at cs:[bp+0x4d5]; NOTE(review): looks like a per-run seed, confirm in 0x12dd1
0x12c65: call 0x12dd1    ; routine outside this listing; the next trace row is the 964-byte write at PC 12e39
0x12c68: inc byte ptr cs:[bp + 0x4e5]    ; increments a byte in the code's own data area; its meaning is not visible here
0x12c6d: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time on handle BX
0x12c70: mov cx, word ptr cs:[bp + 0x558]    ; CX = time word; 0x558 is DTA+16h if the find-file DTA sits at bp+0x542 (TODO confirm)
0x12c75: mov dx, word ptr cs:[bp + 0x55a]    ; DX = date word (DTA+18h under the same assumption)
0x12c7a: int 0x21    ; matches the trace row "Get or set file date and time" at PC 12c7c
0x12c7c: mov ah, 0x3e    ; INT 21h AH=3Eh: close handle BX
0x12c7e: int 0x21
0x12c80: xor cx, cx
0x12c82: mov cl, byte ptr cs:[bp + 0x557]    ; CX = attribute byte (DTA+15h under the same assumption)
0x12c87: call 0x12cb4    ; 0x12cb4 starts with AX=4301h (set file attributes) in the later listing of this trace
0x12c8a: ret
0x12c8b: mov ah, 0x2a    ; INT 21h AH=2Ah: get date; AL returns the day of week (0 = Sunday)
0x12c8d: int 0x21
0x12c8f: cmp al, 5
0x12c91: jb 0x12c9b    ; day of week below 5 (Sunday..Thursday): skip ahead to 0x12c9b
0x12c93: mov ah, 9    ; Friday/Saturday path: AH=09h (print string) setup; the listing is cut here
2018-12-25T12:37:04.872379022Z 64 PC: 12e39 | Write file or device (Write 964 bytes on handle 5)
2018-12-25T12:37:04.88071365Z 87 PC: 12c7c | Get or set file date and time
2018-12-25T12:37:04.883932609Z 62 PC: 12c80 | Close file
2018-12-25T12:37:04.889944138Z 67 PC: 12cbd | Get or set file attributes (See above)
2018-12-25T12:37:04.899762223Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.902939048Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.909502231Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.915658802Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.918138389Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.920698079Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:04.927203538Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:04.93402223Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:04.935724588Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:04.937849887Z 59 PC: 12ae4 | Change current directory
; Disassembly at the return address of the Get date call (INT 21h AH=2Ah, op 42 in this trace); cut after 0x12cb4.
; No print-string row appears after this one in the trace, which is consistent with the jb below being taken in this run.
2018-12-25T12:37:04.944551471Z 42 PC: 12c8f | Get date 0x12c8f: cmp al, 5    ; AL = day of week from Get date (0 = Sunday)
0x12c91: jb 0x12c9b    ; Sunday..Thursday: skip the message
0x12c93: mov ah, 9    ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12c95: lea dx, word ptr [bp + 0x3ab]    ; DX = address of the text at bp+0x3ab (contents not shown on this page)
0x12c99: int 0x21
0x12c9b: ret
0x12c9c: mov ah, 0x42    ; helper: INT 21h AH=42h move file pointer; AL (origin) is left as the caller set it
0x12c9e: xor cx, cx
0x12ca0: xor dx, dx    ; CX:DX = offset 0
0x12ca2: int 0x21
0x12ca4: ret
0x12ca5: mov ah, 0x1a    ; helper: INT 21h AH=1Ah set disk transfer address; DX comes from the caller
0x12ca7: int 0x21
0x12ca9: ret
0x12caa: mov ah, 0x3d    ; helper: INT 21h AH=3Dh open file; AL (access mode) comes from the caller
0x12cac: lea dx, word ptr [bp + 0x560]    ; DX = file name at bp+0x560 (DTA+1Eh if the DTA sits at bp+0x542, TODO confirm)
0x12cb0: int 0x21    ; no carry-flag (error) check is visible before the ret
0x12cb2: xchg ax, bx    ; returned handle moved into BX, where the handle-based INT 21h calls expect it
0x12cb3: ret
0x12cb4: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes; the rest of this helper is cut off
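2018-12-25T12:37:04.946129877Z 37 PC: 12af3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]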
2018-12-25T12:37:04.946952411Z 59 PC: 12afd | Change current directory
2018-12-25T12:37:04.949006266Z 26 PC: 12ca9 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12946,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.011360461Z 26 PC: 12ca9 | Set disk transfer address
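2018-12-25T12:37:05.012811839Z 53 PC: 12ab0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]
2018-12-25T12:37:05.013826877Z 37 PC: 12ac2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]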
2018-12-25T12:37:05.014776338Z 71 PC: 12ace | Get current directory
2018-12-25T12:37:05.017849734Z 78 PC: 12b44 | Find first file
2018-12-25T12:37:05.023461551Z 78 PC: 12b44 | Find first file (See above)
2018-12-25T12:37:05.028986125Z 61 PC: 12cb2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:05.035748513Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:37:05.041788512Z 62 PC: 12b63 | Close file
2018-12-25T12:37:05.043437011Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.046573794Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.05825511Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.064382027Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.066527132Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.069316247Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.075634015Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.0823887Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.084133984Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.086614862Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.093349963Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.099373192Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.100968122Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.104119341Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.110470927Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.116571487Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.118421355Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.122334623Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.128544134Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.134490123Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.1372052Z 67 PC: 12cbd | Get or set file attributes
2018-12-25T12:37:05.152363031Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.158729311Z 64 PC: 12c50 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:37:05.161652312Z 66 PC: 12ca4 | Move file pointer
; Disassembly at the return address of the Get time call (INT 21h AH=2Ch, op 44 in this trace).
; The listing starts mid-routine and is cut after 0x12c93. Surrounding trace rows: attribute call,
; open, 5-byte write, seek, Get time, 964-byte write, date/time call, close, attribute call.
; The date/time is set again after the writes, so the file timestamp alone is not a reliable
; change indicator. NOTE(review): confirm the values written back are the originals.
2018-12-25T12:37:05.163022756Z 44 PC: 12c5b | Get time 0x12c5b: cmp dh, 0    ; DH = seconds returned by Get time
0x12c5e: je 0x12c57    ; seconds == 0: branch back to 0x12c57 (before this listing; presumably re-issues Get time)
0x12c60: mov byte ptr cs:[bp + 0x4d5], dh    ; store the non-zero seconds byte at cs:[bp+0x4d5]; NOTE(review): looks like a per-run seed, confirm in 0x12dd1
0x12c65: call 0x12dd1    ; routine outside this listing; the next trace row is the 964-byte write at PC 12e39
0x12c68: inc byte ptr cs:[bp + 0x4e5]    ; increments a byte in the code's own data area; its meaning is not visible here
0x12c6d: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time on handle BX
0x12c70: mov cx, word ptr cs:[bp + 0x558]    ; CX = time word; 0x558 is DTA+16h if the find-file DTA sits at bp+0x542 (TODO confirm)
0x12c75: mov dx, word ptr cs:[bp + 0x55a]    ; DX = date word (DTA+18h under the same assumption)
0x12c7a: int 0x21    ; matches the trace row "Get or set file date and time" at PC 12c7c
0x12c7c: mov ah, 0x3e    ; INT 21h AH=3Eh: close handle BX
0x12c7e: int 0x21
0x12c80: xor cx, cx
0x12c82: mov cl, byte ptr cs:[bp + 0x557]    ; CX = attribute byte (DTA+15h under the same assumption)
0x12c87: call 0x12cb4    ; 0x12cb4 starts with AX=4301h (set file attributes) in the later listing of this trace
0x12c8a: ret
0x12c8b: mov ah, 0x2a    ; INT 21h AH=2Ah: get date; AL returns the day of week (0 = Sunday)
0x12c8d: int 0x21
0x12c8f: cmp al, 5
0x12c91: jb 0x12c9b    ; day of week below 5 (Sunday..Thursday): skip ahead to 0x12c9b
0x12c93: mov ah, 9    ; Friday/Saturday path: AH=09h (print string) setup; the listing is cut here
2018-12-25T12:37:05.165470456Z 64 PC: 12e39 | Write file or device (Write 964 bytes on handle 5)
2018-12-25T12:37:05.174507769Z 87 PC: 12c7c | Get or set file date and time
2018-12-25T12:37:05.175879709Z 62 PC: 12c80 | Close file
2018-12-25T12:37:05.183203154Z 67 PC: 12cbd | Get or set file attributes (See above)
2018-12-25T12:37:05.193319824Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.195720726Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.201744308Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.205969497Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.207172536Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.208715968Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.213394435Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.217156924Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.218282165Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.220603855Z 59 PC: 12ae4 | Change current directory
; Disassembly at the return address of the Get date call (INT 21h AH=2Ah, op 42 in this trace); cut after 0x12cb4.
; No print-string row appears after this one in the trace, which is consistent with the jb below being taken in this run.
2018-12-25T12:37:05.223183901Z 42 PC: 12c8f | Get date 0x12c8f: cmp al, 5    ; AL = day of week from Get date (0 = Sunday)
0x12c91: jb 0x12c9b    ; Sunday..Thursday: skip the message
0x12c93: mov ah, 9    ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12c95: lea dx, word ptr [bp + 0x3ab]    ; DX = address of the text at bp+0x3ab (contents not shown on this page)
0x12c99: int 0x21
0x12c9b: ret
0x12c9c: mov ah, 0x42    ; helper: INT 21h AH=42h move file pointer; AL (origin) is left as the caller set it
0x12c9e: xor cx, cx
0x12ca0: xor dx, dx    ; CX:DX = offset 0
0x12ca2: int 0x21
0x12ca4: ret
0x12ca5: mov ah, 0x1a    ; helper: INT 21h AH=1Ah set disk transfer address; DX comes from the caller
0x12ca7: int 0x21
0x12ca9: ret
0x12caa: mov ah, 0x3d    ; helper: INT 21h AH=3Dh open file; AL (access mode) comes from the caller
0x12cac: lea dx, word ptr [bp + 0x560]    ; DX = file name at bp+0x560 (DTA+1Eh if the DTA sits at bp+0x542, TODO confirm)
0x12cb0: int 0x21    ; no carry-flag (error) check is visible before the ret
0x12cb2: xchg ax, bx    ; returned handle moved into BX, where the handle-based INT 21h calls expect it
0x12cb3: ret
0x12cb4: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes; the rest of this helper is cut off
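2018-12-25T12:37:05.224552046Z 37 PC: 12af3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]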
2018-12-25T12:37:05.22587654Z 59 PC: 12afd | Change current directory
2018-12-25T12:37:05.227025569Z 26 PC: 12ca9 | Set disk transfer address (See above)

{"DateBased":true,"Day":1,"Month":1,"Year":1980,"Hour":0,"Min":0,"Second":1,"TimeBased":true,"OriginalID":12946,"SideJobID":0}

.


Syscalls:

Time Syscall Op Syscall Name
2018-12-25T12:37:05.079433363Z 26 PC: 12ca9 | Set disk transfer address
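2018-12-25T12:37:05.081212507Z 53 PC: 12ab0 | Get interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]
2018-12-25T12:37:05.082261298Z 37 PC: 12ac2 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]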
2018-12-25T12:37:05.083758019Z 71 PC: 12ace | Get current directory
2018-12-25T12:37:05.087371689Z 78 PC: 12b44 | Find first file
2018-12-25T12:37:05.09337132Z 78 PC: 12b44 | Find first file (See above)
2018-12-25T12:37:05.104820796Z 61 PC: 12cb2 | Open file (Filename = 'SLEEP.COM')
2018-12-25T12:37:05.111604442Z 63 PC: 12b5f | Read file or device (Read 26 bytes on handle 5)
2018-12-25T12:37:05.117785385Z 62 PC: 12b63 | Close file
2018-12-25T12:37:05.119708698Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.122911099Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.129558093Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.135559578Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.137372993Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.140312482Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.146747899Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.152957962Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.155614265Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.158523568Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.162934949Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.167610487Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.169417311Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.171730426Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.176174436Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.180143138Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.18607334Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.187756264Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.191902505Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.196581408Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.197934054Z 67 PC: 12cbd | Get or set file attributes
2018-12-25T12:37:05.212039207Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.219767269Z 64 PC: 12c50 | Write file or device (Write 5 bytes on handle 5)
2018-12-25T12:37:05.22247119Z 66 PC: 12ca4 | Move file pointer
; Disassembly at the return address of the Get time call (INT 21h AH=2Ch, op 44 in this trace).
; The listing starts mid-routine and is cut after 0x12c93. Surrounding trace rows: attribute call,
; open, 5-byte write, seek, Get time, 964-byte write, date/time call, close, attribute call.
; The date/time is set again after the writes, so the file timestamp alone is not a reliable
; change indicator. NOTE(review): confirm the values written back are the originals.
2018-12-25T12:37:05.223946141Z 44 PC: 12c5b | Get time 0x12c5b: cmp dh, 0    ; DH = seconds returned by Get time
0x12c5e: je 0x12c57    ; seconds == 0: branch back to 0x12c57 (before this listing; presumably re-issues Get time)
0x12c60: mov byte ptr cs:[bp + 0x4d5], dh    ; store the non-zero seconds byte at cs:[bp+0x4d5]; NOTE(review): looks like a per-run seed, confirm in 0x12dd1
0x12c65: call 0x12dd1    ; routine outside this listing; the next trace row is the 964-byte write at PC 12e39
0x12c68: inc byte ptr cs:[bp + 0x4e5]    ; increments a byte in the code's own data area; its meaning is not visible here
0x12c6d: mov ax, 0x5701    ; INT 21h AX=5701h: set file date and time on handle BX
0x12c70: mov cx, word ptr cs:[bp + 0x558]    ; CX = time word; 0x558 is DTA+16h if the find-file DTA sits at bp+0x542 (TODO confirm)
0x12c75: mov dx, word ptr cs:[bp + 0x55a]    ; DX = date word (DTA+18h under the same assumption)
0x12c7a: int 0x21    ; matches the trace row "Get or set file date and time" at PC 12c7c
0x12c7c: mov ah, 0x3e    ; INT 21h AH=3Eh: close handle BX
0x12c7e: int 0x21
0x12c80: xor cx, cx
0x12c82: mov cl, byte ptr cs:[bp + 0x557]    ; CX = attribute byte (DTA+15h under the same assumption)
0x12c87: call 0x12cb4    ; 0x12cb4 starts with AX=4301h (set file attributes) in the later listing of this trace
0x12c8a: ret
0x12c8b: mov ah, 0x2a    ; INT 21h AH=2Ah: get date; AL returns the day of week (0 = Sunday)
0x12c8d: int 0x21
0x12c8f: cmp al, 5
0x12c91: jb 0x12c9b    ; day of week below 5 (Sunday..Thursday): skip ahead to 0x12c9b
0x12c93: mov ah, 9    ; Friday/Saturday path: AH=09h (print string) setup; the listing is cut here
2018-12-25T12:37:05.227414876Z 64 PC: 12e39 | Write file or device (Write 964 bytes on handle 5)
2018-12-25T12:37:05.236342494Z 87 PC: 12c7c | Get or set file date and time
2018-12-25T12:37:05.23768697Z 62 PC: 12c80 | Close file
2018-12-25T12:37:05.246663702Z 67 PC: 12cbd | Get or set file attributes (See above)
2018-12-25T12:37:05.256162022Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.258579451Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.265429502Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.271450249Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.273040976Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.275640935Z 61 PC: 12cb2 | Open file (See above)
2018-12-25T12:37:05.282105736Z 63 PC: 12b5f | Read file or device (See above)
2018-12-25T12:37:05.288056542Z 62 PC: 12b63 | Close file (See above)
2018-12-25T12:37:05.289675363Z 79 PC: 12b44 | Find next file (See above)
2018-12-25T12:37:05.292666924Z 59 PC: 12ae4 | Change current directory
; Disassembly at the return address of the Get date call (INT 21h AH=2Ah, op 42 in this trace); cut after 0x12cb4.
; No print-string row appears after this one in the trace, which is consistent with the jb below being taken in this run.
2018-12-25T12:37:05.296504096Z 42 PC: 12c8f | Get date 0x12c8f: cmp al, 5    ; AL = day of week from Get date (0 = Sunday)
0x12c91: jb 0x12c9b    ; Sunday..Thursday: skip the message
0x12c93: mov ah, 9    ; INT 21h AH=09h: print the '$'-terminated string at DS:DX
0x12c95: lea dx, word ptr [bp + 0x3ab]    ; DX = address of the text at bp+0x3ab (contents not shown on this page)
0x12c99: int 0x21
0x12c9b: ret
0x12c9c: mov ah, 0x42    ; helper: INT 21h AH=42h move file pointer; AL (origin) is left as the caller set it
0x12c9e: xor cx, cx
0x12ca0: xor dx, dx    ; CX:DX = offset 0
0x12ca2: int 0x21
0x12ca4: ret
0x12ca5: mov ah, 0x1a    ; helper: INT 21h AH=1Ah set disk transfer address; DX comes from the caller
0x12ca7: int 0x21
0x12ca9: ret
0x12caa: mov ah, 0x3d    ; helper: INT 21h AH=3Dh open file; AL (access mode) comes from the caller
0x12cac: lea dx, word ptr [bp + 0x560]    ; DX = file name at bp+0x560 (DTA+1Eh if the DTA sits at bp+0x542, TODO confirm)
0x12cb0: int 0x21    ; no carry-flag (error) check is visible before the ret
0x12cb2: xchg ax, bx    ; returned handle moved into BX, where the handle-based INT 21h calls expect it
0x12cb3: ret
0x12cb4: mov ax, 0x4301    ; INT 21h AX=4301h: set file attributes; the rest of this helper is cut off
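2018-12-25T12:37:05.298443021Z 37 PC: 12af3 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') [36 = 0x24 is the DOS critical-error handler vector; 'Set random record number' is the name of INT 21h function 0x24, not of this vector]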
2018-12-25T12:37:05.29991166Z 59 PC: 12afd | Change current directory
2018-12-25T12:37:05.301536264Z 26 PC: 12ca9 | Set disk transfer address (See above)